Professional Documents
Culture Documents
Cortex Diagnose Report
Cortex Diagnose Report
1412
Date: 2021/07/12 22:29:07
----------------------------------
01 - Operating System
----------------------------------
0101 - Operating System : Windows 8.1 Pro 64-bit (6.3, Build 9600)
(9600.winblue_ltsb.190606-0600)
0102 - Language : English (Regional Setting: English)
0103 - BIOS : InsydeH2O Version 05.05.01F.20
0104 - Processor : Intel(R) Pentium(R) CPU N3700 @ 1.60GHz (4 CPUs), ~1.6GHz
0105 - Memory : 8192MB RAM
0106 - Available OS Memory : 8040MB RAM
0107 - Page File : 2447MB used, 13785MB available
0108 - Windows Dir : C:\Windows
0109 - DirectX Version : DirectX 11
0110 - DX Setup Parameters : Not found
0111 - User DPI Setting : Using System DPI
0112 - System DPI Setting : 96 DPI (100 percent)
0113 - DWM DPI Scaling : Disabled
0114 - DxDiag Version : 6.03.9600.17415
----------------------------------
02 - Processor
----------------------------------
----------------------------------
03 - Video Adapter
----------------------------------
----------------------------------
04 - Memory
----------------------------------
0401 - Total Memory : 7.872 GB
0402 - Free Memory : 5.341 GB
0403 - Total Pagefile : 15.872 GB
0404 - Free Pagefile : 13.468 GB
----------------------------------
05 - Network
----------------------------------
----------------------------------
06 - Motherboard
----------------------------------
----------------------------------
07 - Sound Device
----------------------------------
----------------------------------
08 - Harddisk
----------------------------------
----------------------------------
09 - Process
----------------------------------
0901 - 0000
[System Process]
0901 - 0004
System
0901 - 01f4
smss.exe
0901 - 02bc
csrss.exe
0901 - 02f8
wininit.exe
high C:\Windows\System32\wininit.exe
0901 - 0308 csrss.exe
0901 - 0334 winlogon.exe
high C:\Windows\System32\winlogon.exe
0901 - 0360 services.exe
0901 - 0368 lsass.exe
normal C:\Windows\System32\lsass.exe
0901 - 03b0 svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 03e0 svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 0190 svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 021c wsc_proxy.exe
normal C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
0901 - 02c4 dwm.exe
high C:\Windows\System32\dwm.exe
0901 - 02a0 svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 03fc svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 0410 igfxCUIService.exe
normal C:\Windows\System32\igfxCUIService.exe
0901 - 0434 svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 049c RtkAudioService64.exe
normal C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
0901 - 04b4 WTabletServicePro.exe
normal C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
0901 - 04c0 RAVBg64.exe
normal C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
0901 - 05b8 WacomHost.exe
normal C:\Program Files\Tablet\Wacom\WacomHost.exe
0901 - 05c0 svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 05e4 explorer.exe
normal C:\Windows\explorer.exe
0901 - 0628 igfxEM.exe
normal C:\Windows\System32\igfxEM.exe
0901 - 0630 igfxHK.exe
normal C:\Windows\System32\igfxHK.exe
0901 - 0638 igfxTray.exe
normal C:\Windows\System32\igfxTray.exe
0901 - 06b0 AvastSvc.exe
normal C:\Program Files\AVAST Software\Avast\AvastSvc.exe
0901 - 06d0 Wacom_TouchUser.exe
above normal C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
0901 - 0514 aswToolsSvc.exe
normal C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
0901 - 0894 spoolsv.exe
normal C:\Windows\System32\spoolsv.exe
0901 - 08ac svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 08e0 taskhostex.exe
normal C:\Windows\System32\taskhostex.exe
0901 - 09c4 armsvc.exe
normal C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
0901 - 0a10 avp.exe
normal C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 21.3\avp.exe
0901 - 0ab0 svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 0afc dasHost.exe
normal C:\Windows\System32\dasHost.exe
0901 - 0b08 MBAMIService.exe
normal C:\ProgramData\MB3Install\MBAMIService.exe
0901 - 0b50 GROOVE.EXE
normal C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
0901 - 0bac SMSvcHost.exe
normal C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
0901 - 0c08 OSE.EXE
normal C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\
OSE.EXE
0901 - 0c4c OSPPSVC.EXE
normal C:\Program Files\Common Files\microsoft shared\
OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
0901 - 0ccc aswEngSrv.exe
normal C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
0901 - 0d00 perfhost.exe
normal C:\Windows\SysWOW64\perfhost.exe
0901 - 0d78 GameManagerService.exe
normal C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
0901 - 1028 RazerCentralService.exe
normal C:\Program Files (x86)\Razer\Razer Services\Razer Central\
RazerCentralService.exe
0901 - 10d0 RzKLService.exe
normal C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
0901 - 1100 VpnSvc.exe
normal C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
0901 - 11d4 svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 11e8 svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 1280 SearchIndexer.exe
normal C:\Windows\System32\SearchIndexer.exe
0901 - 10ec aswidsagent.exe
normal C:\Program Files\AVAST Software\Avast\aswidsagent.exe
0901 - 122c svchost.exe
normal C:\Windows\System32\svchost.exe
0901 - 148c Wacom_Tablet.exe
above normal C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
0901 - 151c unsecapp.exe
normal C:\Windows\System32\wbem\unsecapp.exe
0901 - 17d4 avpui.exe
normal C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 21.3\avpui.exe
0901 - 1660 AvastUI.exe
normal C:\Program Files\AVAST Software\Avast\AvastUI.exe
0901 - 1648 EpicUpdate.exe
normal C:\Users\Ramesh\AppData\Local\Epic Privacy Browser\Installer\
EpicUpdate.exe
0901 - 0738 GoogleCrashHandler.exe
idle C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
0901 - 08a4 GoogleCrashHandler64.exe
idle C:\Program Files (x86)\Google\Update\1.3.36.82\
GoogleCrashHandler64.exe
0901 - 1570 WmiPrvSE.exe
normal C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
0901 - 13c8 AvastUI.exe
above normal C:\Program Files\AVAST Software\Avast\AvastUI.exe
0901 - 070c AvastUI.exe
normal C:\Program Files\AVAST Software\Avast\AvastUI.exe
0901 - 0f7c taskhost.exe
below normal C:\Windows\System32\taskhost.exe
0901 - 1868 RazerCortex.exe
normal C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
0901 - 0bb4 CefSharp.BrowserSubprocess.exe
normal C:\Program Files (x86)\Razer\Razer Cortex\Cef\
CefSharp.BrowserSubprocess.exe
0901 - 19d0 WmiPrvSE.exe
normal C:\Windows\System32\wbem\WmiPrvSE.exe
0901 - 1560 Razer Central.exe
normal C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer
Central.exe
0901 - 1ba0 CefSharp.BrowserSubprocess.exe
normal C:\Program Files (x86)\Razer\Razer Services\Razer Central\
CefSharp.BrowserSubprocess.exe
0901 - 0d84 CefSharp.BrowserSubprocess.exe
normal C:\Program Files (x86)\Razer\Razer Services\Razer Central\
CefSharp.BrowserSubprocess.exe
0901 - 18a8 PMRunner32.exe
normal C:\Program Files (x86)\Razer\Razer Cortex\PMRunner32.exe
0901 - 07e0 PMRunner64.exe
normal C:\Program Files (x86)\Razer\Razer Cortex\x64\PMRunner64.exe
0901 - 1bd0 taskeng.exe
below normal C:\Windows\System32\taskeng.exe
0901 - 10fc FPSRunner32.exe
normal C:\Program Files (x86)\Razer\Razer Cortex\FPSRunner32.exe
0901 - 1304 FPSRunner64.exe
normal C:\Program Files (x86)\Razer\Razer Cortex\x64\FPSRunner64.exe
----------------------------------
10 - Service
----------------------------------
----------------------------------
12 - Event Log
----------------------------------
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Subject:
Security ID: S-1-5-18
Account Name: DOCKFIRST$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x39c
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
The subject fields indicate the account on the local system which requested the
logon. This is most commonly a service such as the Server service, or a local
process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common
types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e.
the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation
name is not always available and may be left blank in some cases.
The impersonation level field indicates the extent to which a process in the logon
session can impersonate.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x39c
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
The subject fields indicate the account on the local system which requested the
logon. This is most commonly a service such as the Server service, or a local
process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common
types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e.
the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation
name is not always available and may be left blank in some cases.
The impersonation level field indicates the extent to which a process in the logon
session can impersonate.
Subject:
Security ID: S-1-5-18
Account Name: DOCKFIRST$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Type: 5
New Logon:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E5
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x39c
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
The subject fields indicate the account on the local system which requested the
logon. This is most commonly a service such as the Server service, or a local
process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common
types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e.
the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation
name is not always available and may be left blank in some cases.
The impersonation level field indicates the extent to which a process in the logon
session can impersonate.
The authentication information fields provide detailed information about this
specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event
with a KDC event.
- Transited services indicate which intermediate services have participated
in this logon request.
- Package name indicates which sub-protocol was used among the NTLM
protocols.
- Key length indicates the length of the generated session key. This will be
0 if no session key was requested.
Subject:
Security ID: S-1-5-90-1
Account Name: DWM-1
Account Domain: Window Manager
Logon ID: 0x13150
Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
Subject:
Security ID: S-1-5-90-1
Account Name: DWM-1
Account Domain: Window Manager
Logon ID: 0x13132
Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Subject:
Security ID: S-1-5-18
Account Name: DOCKFIRST$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Type: 2
New Logon:
Security ID: S-1-5-90-1
Account Name: DWM-1
Account Domain: Window Manager
Logon ID: 0x13150
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x370
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
The subject fields indicate the account on the local system which requested the
logon. This is most commonly a service such as the Server service, or a local
process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common
types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e.
the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation
name is not always available and may be left blank in some cases.
The impersonation level field indicates the extent to which a process in the logon
session can impersonate.
Subject:
Security ID: S-1-5-18
Account Name: DOCKFIRST$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Type: 2
Impersonation Level: Impersonation
New Logon:
Security ID: S-1-5-90-1
Account Name: DWM-1
Account Domain: Window Manager
Logon ID: 0x13132
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x370
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
The subject fields indicate the account on the local system which requested the
logon. This is most commonly a service such as the Server service, or a local
process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common
types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e.
the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation
name is not always available and may be left blank in some cases.
The impersonation level field indicates the extent to which a process in the logon
session can impersonate.
Logon Type: 7
New Logon:
Security ID: S-1-5-21-373589487-3119867508-454492495-1001
Account Name: Ramesh
Account Domain: DockFirst
Logon ID: 0x3CAFB0B9
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x360
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: DOCKFIRST
Source Network Address: 127.0.0.1
Source Port: 0
The subject fields indicate the account on the local system which requested the
logon. This is most commonly a service such as the Server service, or a local
process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common
types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e.
the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation
name is not always available and may be left blank in some cases.
The impersonation level field indicates the extent to which a process in the logon
session can impersonate.
----------------------------------