---
Event_attributes:
  xmlns: http://schemas.microsoft.com/win/2004/08/events/event
Event:
  System:
    Provider_attributes:
      Name: Microsoft-Windows-Security-Auditing
      Guid: 54849625-5478-4994-A5BA-3E3B0328C30D
    EventID: 4624
    Version: 2
    Level: 0
    Task: 12544
    Opcode: 0
    Keywords: '0x8020000000000000'
    TimeCreated_attributes:
      SystemTime: 2022-10-11T19:26:52.154080Z
    EventRecordID: 31794
    Correlation_attributes:
      ActivityID: 5965E1C0-DDA7-0003-D8E1-6559A7DDD801
    Execution_attributes:
      ProcessID: 688
      ThreadID: 736
    Channel: Security
    Computer: DESKTOP-JK4Q86I
    Security: null
  EventData:
    SubjectUserSid: S-1-5-18
    SubjectUserName: DESKTOP-JK4Q86I$
    SubjectDomainName: WORKGROUP
    SubjectLogonId: '0x3e7'
    TargetUserSid: S-1-5-18
    TargetUserName: SYSTEM
    TargetDomainName: NT AUTHORITY
    TargetLogonId: '0x3e7'
    LogonType: 5
    LogonProcessName: 'Advapi  '
    AuthenticationPackageName: Negotiate
    WorkstationName: '-'
    LogonGuid: 00000000-0000-0000-0000-000000000000
    TransmittedServices: '-'
    LmPackageName: '-'
    KeyLength: 0
    ProcessId: '0x29c'
    ProcessName: C:\Windows\System32\services.exe
    IpAddress: '-'
    IpPort: '-'
    ImpersonationLevel: '%%1833'
    RestrictedAdminMode: '-'
    TargetOutboundUserName: '-'
    TargetOutboundDomainName: '-'
    VirtualAccount: '%%1843'
    TargetLinkedLogonId: '0x0'
    ElevatedToken: '%%1842'

---
Event_attributes:
  xmlns: http://schemas.microsoft.com/win/2004/08/events/event
Event:
  System:
    Provider_attributes:
      Name: Microsoft-Windows-Security-Auditing
      Guid: 54849625-5478-4994-A5BA-3E3B0328C30D
    EventID: 4624
    Version: 2
    Level: 0
    Task: 12544
    Opcode: 0
    Keywords: '0x8020000000000000'
    TimeCreated_attributes:
      SystemTime: 2022-10-11T19:26:56.066967Z
    EventRecordID: 31799
    Correlation_attributes:
      ActivityID: 5965E1C0-DDA7-0003-D8E1-6559A7DDD801
    Execution_attributes:
      ProcessID: 688
      ThreadID: 8108
    Channel: Security
    Computer: DESKTOP-JK4Q86I
    Security: null
  EventData:
    SubjectUserSid: S-1-5-18
    SubjectUserName: DESKTOP-JK4Q86I$
    SubjectDomainName: WORKGROUP
    SubjectLogonId: '0x3e7'
    TargetUserSid: S-1-5-18
    TargetUserName: SYSTEM
    TargetDomainName: NT AUTHORITY
    TargetLogonId: '0x3e7'
    LogonType: 5
    LogonProcessName: 'Advapi  '
    AuthenticationPackageName: Negotiate
    WorkstationName: '-'
    LogonGuid: 00000000-0000-0000-0000-000000000000
    TransmittedServices: '-'
    LmPackageName: '-'
    KeyLength: 0
    ProcessId: '0x29c'
    ProcessName: C:\Windows\System32\services.exe
    IpAddress: '-'
    IpPort: '-'
    ImpersonationLevel: '%%1833'
    RestrictedAdminMode: '-'
    TargetOutboundUserName: '-'
    TargetOutboundDomainName: '-'
    VirtualAccount: '%%1843'
    TargetLinkedLogonId: '0x0'
    ElevatedToken: '%%1842'

