(Provider_Name:ESENT EventID:325 Data:ntds.dit*) (Data:\:\\ntds.dit* OR Data:\\Appdata\\* OR Data:\\Desktop\\* OR Data:\\Downloads\\* OR Data:\\Perflogs\\* OR Data:\\Temp\\* OR Data:\\Users\\Public\\*)