Microsoft-Windows-SEC
61 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 1 | Operational | |
| 2 | Operational | |
| 3 | Operational | |
| 4 | Operational | |
| 5 | Operational | |
| 6 | Operational | |
| 7 | Operational | |
| 8 | Operational | |
| 9 | Operational | |
| 10 | Operational | |
| 11 | Operational | |
| 12 | Operational | |
| 13 | Operational | |
| 14 | Operational | |
| 15 | Operational | |
| 16 | Operational | |
| 17 | Operational | |
| 18 | Operational | |
| 19 | Operational | |
| 20 | Operational | |
| 21 | Operational | |
| 22 | Operational | |
| 23 | Operational | |
| 24 | Operational | |
| 25 | Operational | |
| 26 | Operational | |
| 27 | Operational | |
| 28 | Operational | |
| 29 | Operational | |
| 30 | Operational | |
| 31 | Operational | |
| 32 | Operational | |
| 33 | Operational | |
| 34 | Operational | |
| 35 | Operational | |
| 36 | Operational | |
| 37 | Operational | |
| 38 | Operational | |
| 39 | Operational | |
| 40 | Operational | |
| 41 | Operational | |
| 42 | Operational | |
| 43 | Operational | |
| 44 | Operational | |
| 45 | Operational | |
| 46 | Operational | |
| 47 | Operational | |
| 48 | Operational | |
| 49 | Operational | |
| 50 | Operational | |
| 51 | Operational | |
| 52 | Operational | |
| 53 | Operational | |
| 54 | Operational | |
| 55 | Operational | |
| 56 | Operational | |
| 57 | Operational | |
| 58 | Operational | |
| 59 | Operational | |
| 60 | Operational | |
| 61 | Operational |
Event ID 1 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
CreatorProcessId | — |
CreatorProcessTime | — |
CreatorProcessName | — |
ProcessName | — |
CommandLine | — |
ImageSHA256 | — |
ImageSHA1 | — |
ImageMD5 | — |
PartialCRC1 | — |
PartialCRC2 | — |
PartialCRC3 | — |
MotW | — |
IntegrityLevel | — |
TokenElevationType | — |
Elevated | — |
Impersonation | — |
SubjectLogonId | — |
ProcessStartKey | — |
CreatorProcessStartKey | — |
CommandLineTruncated | — |
CommandLineSize | — |
ImageLSH | — |
MitigationPolicy | — |
ProtectionLevel | — |
EnterprisePolicy | — |
InferredParentProcessId | — |
InferredParentProcessTime | — |
InferredParentProcessName | — |
InferredParentProcessStartKey | — |
CiIsSigningChainValid | — |
CiIsMicrosoftRoot | — |
CiIsMicrosoftApplicationRoot | — |
CiSigningLevel | — |
ImageOriginalName | — |
CreationAnomalies | — |
InitialThreadId | — |
InitialThreadStartAddress | — |
WindowFlags | — |
ShowWindowFlags | — |
StandardInputDeviceType | — |
StandardOutputDeviceType | — |
StandardErrorDeviceType | — |
DesktopInfo | — |
Event ID 2 —
Fields
| Name | Description |
|---|---|
DriverUnloadTime | — |
Event ID 3 —
Fields
| Name | Description |
|---|---|
DriverLoadTime | — |
Event ID 4 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
FileName | — |
FileAttributes | — |
Dispositon | — |
ProcessStartKey | — |
RequestSource | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Event ID 5 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
FileName | — |
NewFileName | — |
FileAttributes | — |
ProcessStartKey | — |
RequestSource | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Event ID 6 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
FileName | — |
FileAttributes | — |
ProcessStartKey | — |
IsSensitive | — |
RequestSource | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Event ID 7 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
FileName | — |
FileAttributes | — |
ProcessStartKey | — |
IsSensitive | — |
RequestSource | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Event ID 8 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
ProcessStartKey | — |
Event ID 9 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
ProcessStartKey | — |
Event ID 10 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
NewKey | — |
ProcessStartKey | — |
Event ID 11 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
Hive | — |
RestoreFlags | — |
ProcessStartKey | — |
Event ID 12 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
Hive | — |
NewHive | — |
ProcessStartKey | — |
Event ID 13 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
Value | — |
OldValueDataType | — |
OldValueDataSize | — |
OldValueCopiedSize | — |
OldValueData | — |
NewValueDataType | — |
NewValueDataSize | — |
NewValueCopiedSize | — |
NewValueData | — |
ProcessStartKey | — |
Event ID 14 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
VolumeName | — |
VolReadOffset | — |
VolReadSize | — |
SystemVolume | — |
ProcessStartKey | — |
VolumeShadowCopy | — |
Event ID 15 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
VolumeName | — |
AccessMask | — |
SystemVolume | — |
ProcessStartKey | — |
VolumeShadowCopy | — |
Event ID 16 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
Value | — |
DataType | — |
ValueDataSize | — |
ValueCopiedSize | — |
ValueData | — |
ProcessStartKey | — |
Event ID 17 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
PipeName | — |
RemoteClientsAccess | — |
NamedPipeEnd | — |
DesiredAccess | — |
FileOperation | — |
ProcessStartKey | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Event ID 18 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
TargetProcessId | — |
TargetProcessTime | — |
TargetProcessName | — |
TargetThreadId | — |
TargetThreadStartAddress | — |
StartAddressVadQueryResult | — |
StartAddressVadAllocationBase | — |
StartAddressVadAllocationProtect | — |
StartAddressVadRegionType | — |
StartAddressVadRegionSize | — |
StartAddressVadProtect | — |
SourceProcessStartKey | — |
TargetProcessStartKey | — |
MappedModuleName | — |
Event ID 19 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
TargetProcessId | — |
TargetProcessTime | — |
TargetProcess | — |
Access | — |
SourceProcessStartKey | — |
TargetProcessStartKey | — |
Event ID 20 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Desktop | — |
Access | — |
Duplicate | — |
Kernel | — |
ProcessStartKey | — |
Event ID 21 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
VolumeName | — |
VolWriteOffset | — |
VolWriteSize | — |
SystemVolume | — |
ProcessStartKey | — |
VolumeShadowCopy | — |
Event ID 22 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
ProcessName | — |
CommandLine | — |
ProcessStartKey | — |
CommandLineTruncated | — |
CommandLineSize | — |
Event ID 23 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
ImageName | — |
MotW | — |
ImageSHA256 | — |
ImageSHA1 | — |
ImageMD5 | — |
PartialCRC1 | — |
PartialCRC2 | — |
PartialCRC3 | — |
SystemModeImage | — |
LoadImageAddress | — |
ProcessStartKey | — |
LoadImageSize | — |
ImageLSH | — |
CiIsSigningChainValid | — |
CiIsMicrosoftRoot | — |
CiIsMicrosoftApplicationRoot | — |
CiSigningLevel | — |
ImageOriginalName | — |
ImageSignatureLevel | — |
ImageDeviceType | — |
ImageDeviceCharacteristics | — |
ImageDeviceFlags | — |
Event ID 24 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
ImageName | — |
MotW | — |
ImageSHA256 | — |
ImageSHA1 | — |
ImageMD5 | — |
PartialCRC1 | — |
PartialCRC2 | — |
PartialCRC3 | — |
ImageSignatureLevel | — |
ImageSignatureType | — |
CurrentCodeIntegrityOptions | — |
OriginalCodeIntegrityOptions | — |
ProcessStartKey | — |
ImageBase | — |
ImageSize | — |
ImageLSH | — |
Event ID 25 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
AffectedProcessId | — |
AffectedProcessTime | — |
CurrentTokenPointer | — |
CurrentTokenSource | — |
CurrentTokenPrivPresent | — |
CurrentTokenPrivEnabled | — |
CurrentTokenPrivEnabledByDefault | — |
CurrentTokenIntegrityLevel | — |
CurrentTokenUserSid | — |
PreviousTokenPointer | — |
PreviousTokenSource | — |
PreviousTokenPrivPresent | — |
PreviousTokenPrivEnabled | — |
PreviousTokenPrivEnabledByDefault | — |
PreviousTokenIntegrityLevel | — |
PreviousTokenUserSid | — |
OriginalTokenPointer | — |
OriginalTokenSource | — |
OriginalTokenPrivPresent | — |
OriginalTokenPrivEnabled | — |
OriginalTokenPrivEnabledByDefault | — |
OriginalTokenIntegrityLevel | — |
OriginalTokenUserSid | — |
SystemTokenPointer | — |
InlineCheck | — |
AffectedProcessStartKey | — |
PrimaryTokenFrozen | — |
ParentTokenIntegrityLevel | — |
Event ID 26 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
ThreadId | — |
UserSid | — |
SessionId | — |
NormalizedSharePath | — |
ShareName | — |
SocketAddress | — |
OpenDirection | — |
Event ID 27 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
AffectedProcessId | — |
AffectedProcessStartKey | — |
AffectedProcessTime | — |
InlineCheck | — |
CurrentDaclPointer | — |
CurrentDaclValidAceList | — |
CurrentDaclAceCount | — |
CurrentDaclSids | — |
CurrentDaclAccessMaskBlobSize | — |
CurrentDaclAccessMasks | — |
PreviousDaclPointer | — |
PreviousDaclValidAceList | — |
PreviousDaclAceCount | — |
PreviousDaclSids | — |
PreviousDaclAccessMaskBlobSize | — |
PreviousDaclAccessMasks | — |
OriginalDaclPointer | — |
OriginalDaclValidAceList | — |
OriginalDaclAceCount | — |
OriginalDaclSids | — |
OriginalDaclAccessMaskBlobSize | — |
OriginalDaclAccessMasks | — |
Event ID 28 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessStartKey | — |
Flags | — |
ThreadId | — |
CallerAddress | — |
StartAddress | — |
BackTraceSize | — |
BackTrace | — |
TargetCodeSize | — |
TargetCode | — |
CallerCodeSize | — |
CallerCode | — |
Event ID 29 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
CurrentValue | — |
OriginalValue | — |
IsSynchronous | — |
Event ID 30 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
CurrentValue | — |
PreviousValue | — |
OriginalValue | — |
IsSynchronous | — |
Event ID 31 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
ThreadId | — |
UserSid | — |
RequestSource | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Event ID 32 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
SuspiciousPointerIndex | — |
TableSize | — |
Table | — |
CodeSize | — |
Code | — |
Event ID 33 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
SuspiciousPointerIndex | — |
TableSize | — |
Table | — |
CodeSize | — |
Code | — |
Event ID 34 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
TargetProcessId | — |
TargetProcessTime | — |
TargetProcess | — |
Access | — |
SourceProcessStartKey | — |
TargetProcessStartKey | — |
Event ID 35 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
FileName | — |
OriginalCreationTime | — |
OriginalLastAccessTime | — |
OriginalLastWriteTime | — |
OriginalChangeTime | — |
ModifiedCreationTime | — |
ModifiedLastAccessTime | — |
ModifiedLastWriteTime | — |
ModifiedChangeTime | — |
FileAttributes | — |
ProcessStartKey | — |
Event ID 36 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
AffectedProcessId | — |
AffectedProcessTime | — |
AffectedProcessStartKey | — |
InlineCheck | — |
Event ID 37 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ImageName | — |
ImageBase | — |
ImageSize | — |
DriverName | — |
DriverObject | — |
DriverInit | — |
DriverStartIo | — |
DriverUnload | — |
MajorFunctionArraySize | — |
MajorFunctionArray | — |
FastIoDispatchArraySize | — |
FastIoDispatchArray | — |
SuspiciousDispatchBitmap | — |
ContextInfoArraySize | — |
ContextInfoArray | — |
Event ID 38 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
OldFlags | — |
NewFlags | — |
Event ID 39 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
SourceThreadId | — |
TargetThreadId | — |
UserSid | — |
TargetProcessId | — |
TargetProcessTime | — |
AccessMask | — |
ProcessStartKey | — |
TargetProcessStartKey | — |
Event ID 40 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
FileName | — |
FileAttributes | — |
ProcessStartKey | — |
IsSensitive | — |
RequestSource | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Event ID 41 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
Value | — |
ProcessStartKey | — |
Event ID 42 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
FileName | — |
FileAttributes | — |
DesiredAccess | — |
Dispositon | — |
ProcessStartKey | — |
VolumeShadowCopy | — |
FileOpenSource | — |
ShareAccess | — |
RequestSource | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Event ID 43 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
FileName | — |
NewFileName | — |
FileAttributes | — |
ProcessStartKey | — |
RequestSource | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Event ID 44 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
FileName | — |
ProcessStartKey | — |
Event ID 45 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
ProcessStartKey | — |
SecurityInformation | — |
OriginalSecurityDescriptor | — |
NewSecurityDescriptor | — |
Event ID 46 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
AffectedProcessId | — |
AffectedProcessTime | — |
AffectedProcessStartKey | — |
InlineCheck | — |
OriginalCommandLine | — |
ModifiedCommandLine | — |
CorruptedCommandLine | — |
Event ID 47 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
IoControlCode | — |
DeviceName | — |
VolumeName | — |
MaximumVolumeSpace | — |
ApplicationGuid | — |
Event ID 48 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
DriverName | — |
DriverOriginalName | — |
FunctionName | — |
IsEnforced | — |
Event ID 49 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
DriverName | — |
DriverOriginalName | — |
TargetDevice | — |
MajorFunction | — |
IoControlCode | — |
IsEnforced | — |
Event ID 50 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
FileName | — |
OperationBlocked | — |
UserSid | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Tag | — |
Event ID 51 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
KeyName | — |
ValueName | — |
RegistryOperations | — |
OperationBlocked | — |
Event ID 52 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
FileName | — |
OperationBlocked | — |
UserSid | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Tag | — |
Event ID 53 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
TimeBeforeAcquiringLock | — |
TimeAfterAcquiringLock | — |
TimeBeforeReleasingLock | — |
StatusOplockAcquiring | — |
StatusFileOpening | — |
StatusDuplicateHandle | — |
FileName | — |
Access | — |
ShareMode | — |
OpenFlags | — |
Event ID 54 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
TimeBeforeAcquiringLock | — |
TimeAfterAcquiringLock | — |
TimeBeforeReleasingLock | — |
StatusBeforeRetry | — |
StatusOfRetry | — |
StatusAfterRetry | — |
FileName | — |
ProcessId | — |
ProcessStartKey | — |
ProcessCreationTime | — |
IoFunction | — |
Access | — |
ShareMode | — |
OpenFlags | — |
Event ID 55 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
Value | — |
ProcessStartKey | — |
Event ID 56 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
FileName | — |
OperationBlocked | — |
UserSid | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Tag | — |
Event ID 57 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ProcessStartKey | — |
FileName | — |
OperationBlocked | — |
UserSid | — |
ShareName | — |
RemoteIpAddressLength | — |
RemoteIpAddress | — |
Tag | — |
Event ID 58 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
ProcessId | — |
ProcessTime | — |
ThreadId | — |
UserSid | — |
SessionId | — |
Key | — |
ProcessStartKey | — |
Event ID 59 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
SuspiciousEntryIndex | — |
TableSize | — |
Table | — |
CodeSize | — |
Code | — |
Event ID 60 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
CurrentValue | — |
OriginalValue | — |
IsSynchronous | — |
Event ID 61 —
Fields
| Name | Description |
|---|---|
SequenceNumber | — |
CurrentValue | — |
OriginalValue | — |
IsSynchronous | — |