[{"Event_attributes":{"xmlns":"http://schemas.microsoft.com/win/2004/08/events/event"},"Event":{"System":{"Provider_attributes":{"Name":"Microsoft-Windows-Security-Auditing","Guid":"54849625-5478-4994-A5BA-3E3B0328C30D"},"EventID":4624,"Version":2,"Level":0,"Task":12544,"Opcode":0,"Keywords":"0x8020000000000000","TimeCreated_attributes":{"SystemTime":"2022-10-11T19:26:52.154080Z"},"EventRecordID":31794,"Correlation_attributes":{"ActivityID":"5965E1C0-DDA7-0003-D8E1-6559A7DDD801"},"Execution_attributes":{"ProcessID":688,"ThreadID":736},"Channel":"Security","Computer":"DESKTOP-JK4Q86I","Security":null},"EventData":{"SubjectUserSid":"S-1-5-18","SubjectUserName":"DESKTOP-JK4Q86I$","SubjectDomainName":"WORKGROUP","SubjectLogonId":"0x3e7","TargetUserSid":"S-1-5-18","TargetUserName":"SYSTEM","TargetDomainName":"NT AUTHORITY","TargetLogonId":"0x3e7","LogonType":5,"LogonProcessName":"Advapi  ","AuthenticationPackageName":"Negotiate","WorkstationName":"-","LogonGuid":"00000000-0000-0000-0000-000000000000","TransmittedServices":"-","LmPackageName":"-","KeyLength":0,"ProcessId":"0x29c","ProcessName":"C:\\Windows\\System32\\services.exe","IpAddress":"-","IpPort":"-","ImpersonationLevel":"%%1833","RestrictedAdminMode":"-","TargetOutboundUserName":"-","TargetOutboundDomainName":"-","VirtualAccount":"%%1843","TargetLinkedLogonId":"0x0","ElevatedToken":"%%1842"}}},{"Event_attributes":{"xmlns":"http://schemas.microsoft.com/win/2004/08/events/event"},"Event":{"System":{"Provider_attributes":{"Name":"Microsoft-Windows-Security-Auditing","Guid":"54849625-5478-4994-A5BA-3E3B0328C30D"},"EventID":4624,"Version":2,"Level":0,"Task":12544,"Opcode":0,"Keywords":"0x8020000000000000","TimeCreated_attributes":{"SystemTime":"2022-10-11T19:26:56.066967Z"},"EventRecordID":31799,"Correlation_attributes":{"ActivityID":"5965E1C0-DDA7-0003-D8E1-6559A7DDD801"},"Execution_attributes":{"ProcessID":688,"ThreadID":8108},"Channel":"Security","Computer":"DESKTOP-JK4Q86I","Security":null},"EventData":{"SubjectUserSid":"S-1-5-18","SubjectUserName":"DESKTOP-JK4Q86I$","SubjectDomainName":"WORKGROUP","SubjectLogonId":"0x3e7","TargetUserSid":"S-1-5-18","TargetUserName":"SYSTEM","TargetDomainName":"NT AUTHORITY","TargetLogonId":"0x3e7","LogonType":5,"LogonProcessName":"Advapi  ","AuthenticationPackageName":"Negotiate","WorkstationName":"-","LogonGuid":"00000000-0000-0000-0000-000000000000","TransmittedServices":"-","LmPackageName":"-","KeyLength":0,"ProcessId":"0x29c","ProcessName":"C:\\Windows\\System32\\services.exe","IpAddress":"-","IpPort":"-","ImpersonationLevel":"%%1833","RestrictedAdminMode":"-","TargetOutboundUserName":"-","TargetOutboundDomainName":"-","VirtualAccount":"%%1843","TargetLinkedLogonId":"0x0","ElevatedToken":"%%1842"}}}]
