<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4624</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2017-04-10T00:12:47.788113200Z" />
<EventRecordID>121423</EventRecordID>
<Correlation />
<Execution ProcessID="568" ThreadID="4040" />
<Channel>Security</Channel>
<Computer>TOBE-Project</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">TOBE-PROJECT$</Data> - computer name of the current OS
<Data Name="SubjectDomainName">WORKGROUP</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="TargetUserSid">S-1-5-21-92573392-3246979119-1767636761-500</Data>
<Data Name="TargetUserName">Administrator</Data> - account ID attempting to log on to the current OS
<Data Name="TargetDomainName">TOBE-PROJECT</Data> - domain name used for the logon attempt to the current OS
<Data Name="TargetLogonId">0xd9ff659</Data>
<Data Name="LogonType">10</Data>
<Data Name="LogonProcessName">User32</Data>
<Data Name="AuthenticationPackageName">Negotiate</Data>
<Data Name="WorkstationName">TOBE-PROJECT</Data>
<Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x292c</Data>
<Data Name="ProcessName">C:\Windows\System32\winlogon.exe</Data>
<Data Name="IpAddress">172.10.12.11</Data> - IP of the PC attempting to log on to the current OS
<Data Name="IpPort">49885</Data> - port of the PC attempting to log on to the current OS
</EventData>
</Event>
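
An added example, not part of the original page: Python that pulls the fields annotated above out of an exported 4624 event and flags remote desktop style logons (LogonType 10, RemoteInteractive). The function name `parse_logon_event` and the trimmed `SAMPLE_EVENT` are assumptions built from the values in the event shown above.

```python
import ipaddress
import xml.etree.ElementTree as ET  # for untrusted exports, defusedxml is the safer parser

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Logon type values documented for event 4624
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}

# Constructed sample: trimmed copy of the event above, same values
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2017-04-10T00:12:47.788113200Z" />
    <Computer>TOBE-Project</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">Administrator</Data>
    <Data Name="TargetDomainName">TOBE-PROJECT</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">172.10.12.11</Data>
    <Data Name="IpPort">49885</Data>
  </EventData>
</Event>"""


def parse_logon_event(xml_text):
    """Return the annotated 4624 fields as a dict, or None for other event IDs."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4624":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    logon_type = int(data.get("LogonType", "0"))
    try:
        source_ip = ipaddress.ip_address(data.get("IpAddress", "-"))
    except ValueError:  # "-" or empty: the logon had no network source
        source_ip = None
    return {
        "time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
        "computer": root.findtext("e:System/e:Computer", namespaces=NS),
        "account": f'{data.get("TargetDomainName", "")}\\{data.get("TargetUserName", "")}',
        "logon_type": LOGON_TYPES.get(logon_type, f"Unknown({logon_type})"),
        "source": f'{source_ip}:{data.get("IpPort", "-")}' if source_ip else None,
        "remote_interactive": logon_type == 10,
        "source_is_private": bool(source_ip and source_ip.is_private),
    }
```

For this event `source_is_private` is False, because 172.10.12.11 lies outside the RFC 1918 range 172.16.0.0/12.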