| DateTime | Date/Time of event origination in GMT format. | DateTime | 10.10.2000 19:00:00 |
| Source | Name of an Application or System Service originating the event. | Source | Security |
| Type | Warning, Information, Error, Success, Failure, etc. | Type | Success |
| User | Domain\Account name of user/service/computer initiating event. | User | RESEARCH\Alebovsky |
| Computer | Name of the server/workstation where the event was logged. | Computer | DC1 |
| EventID | Numerical ID of event. Unique within one Event Source. | EventId | 576 |
| Description | The entire unparsed event message. | Description | Special privileges assigned to new logon. |
| Log Name | The name of the event log (e.g. Application, Security, System, etc.) | LogName | Security |
| Category | A name for a subclass of events within the same Event Source. | Category | Logon/Logoff |
| Primary User Name | Name of the account under which the assigning process was run | InsertionString3 | DC-AD$ |
| Primary Domain | Domain of the Primary User Name account | InsertionString4 | ANNADOMAIN |
| Primary Logon ID | Logon session ID of the Primary User Name account. It allows correlating other activity of this user during the same logon session. | InsertionString5 | (0x0,0x3E7) |
| Target User Name | Name of the account under which the new (child) process is run | InsertionString8 | AdminDC-AD |
| Target Domain | Domain of the Target User Name account | InsertionString9 | ANNADOMAIN |
| Target Logon ID | Logon session ID of the Target User Name account. It allows correlating other activity of this user during the same logon session. | InsertionString10 | (0x0,0x712ED0) |
| Assigning Process ID | ID of the process that started the child (new) process | InsertionString1 | 688 |
| Assigning Process Image File Name | Full path and the name of executable of the assigning process | InsertionString2 | C:\WINDOWS\system32\winlogon.exe |
| New Process ID | ID of the child process that was started under the Target User Name | InsertionString6 | 632 |
| New Process Image File Name | Full path and the name of executable of the started process | InsertionString7 | C:\WINDOWS\system32\userinit.exe |
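The Logon ID fields are what tie separate events to one logon session. As an added example (not part of the original page), the Python below names an event's insertion strings using the numbering in the table and groups started processes by target session. The function names, the second and third sample records, and the treatment of the `(0x…,0x…)` pair as high and low 32-bit halves are assumptions.

```python
import re
from collections import defaultdict

# InsertionString number -> field name, exactly as the table pairs them.
FIELDS = {
    1: "Assigning Process ID", 2: "Assigning Process Image File Name",
    3: "Primary User Name", 4: "Primary Domain", 5: "Primary Logon ID",
    6: "New Process ID", 7: "New Process Image File Name",
    8: "Target User Name", 9: "Target Domain", 10: "Target Logon ID",
}
LOGON_ID_RE = re.compile(r"\(0x([0-9A-Fa-f]+),0x([0-9A-Fa-f]+)\)")

def parse_logon_id(text):
    """'(0xHIGH,0xLOW)' -> one integer; None if malformed.
    Assumption: the pair is the high and low 32-bit halves of the session ID."""
    m = LOGON_ID_RE.fullmatch(text.strip())
    if m is None:
        return None
    return (int(m.group(1), 16) << 32) | int(m.group(2), 16)

def name_fields(strings):
    """Map an event's insertion strings (InsertionString1 first) to field names."""
    if len(strings) < len(FIELDS):
        raise ValueError("fewer insertion strings than the table lists")
    return {name: strings[n - 1] for n, name in FIELDS.items()}

def processes_by_target_session(events):
    """Group started processes by (Target Domain, Target User Name, Target Logon ID)."""
    sessions = defaultdict(list)
    for strings in events:
        f = name_fields(strings)
        key = (f["Target Domain"], f["Target User Name"],
               parse_logon_id(f["Target Logon ID"]))
        sessions[key].append(f["New Process Image File Name"])
    return dict(sessions)

# Constructed sample input: the first record reuses the table's sample values,
# the other two are invented for illustration.
SAMPLE_EVENTS = [
    ["688", r"C:\WINDOWS\system32\winlogon.exe", "DC-AD$", "ANNADOMAIN", "(0x0,0x3E7)",
     "632", r"C:\WINDOWS\system32\userinit.exe", "AdminDC-AD", "ANNADOMAIN", "(0x0,0x712ED0)"],
    ["632", r"C:\WINDOWS\system32\userinit.exe", "AdminDC-AD", "ANNADOMAIN", "(0x0,0x712ED0)",
     "1204", r"C:\WINDOWS\explorer.exe", "AdminDC-AD", "ANNADOMAIN", "(0x0,0x712ED0)"],
    ["688", r"C:\WINDOWS\system32\winlogon.exe", "DC-AD$", "ANNADOMAIN", "(0x0,0x3E7)",
     "2040", r"C:\WINDOWS\system32\userinit.exe", "Operator1", "ANNADOMAIN", "(0x0,0x8A11F2)"],
]

if __name__ == "__main__":
    for key, images in processes_by_target_session(SAMPLE_EVENTS).items():
        print(key, images)
```

Keying on domain and user name together with the Logon ID keeps sessions from different accounts apart if a malformed ID parses to `None`.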