Scribd Logo
Upload

Welcome to Scribd!

  • Event 4656 1

    Uploaded by

    ovex
    18 views1 page
    A user attempted to access process memory and query information about the lsass.exe process using Task Manager but was denied access due to insufficient privileges. The access attempt was logged with details about the subject, object, and process information involved in the request.

    Original Description:

    g

    Original Title

    event_4656_1

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    A user attempted to access process memory and query information about the lsass.exe process using Task Manager but was denied access due to insufficient privileges. The access attempt was logged with details about the subject, object, and process information involved in the request.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    18 views1 page

    Event 4656 1

    Uploaded by

    ovex
    A user attempted to access process memory and query information about the lsass.exe process using Task Manager but was denied access due to insufficient privileges. The access attempt was logged with details about the subject, object, and process information involved in the request.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    <Event

    xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider
    Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-
    3e3b0328c30d}'/><EventID>4656</EventID><Version>1</Version><Level>Information</Leve
    l><Task>Kernel Object</Task><Opcode>Info</Opcode><Keywords>Audit
    Failure</Keywords><TimeCreated SystemTime='2018-05-
    31T13:24:30.731973400Z'/><EventRecordID>15740910</EventRecordID><Correlation/><Exec
    ution ProcessID='1468' ThreadID='1484'/><Channel>Security</Channel><Computer>cmswg-
    cs-cx1v.cms.colt</Computer><Security/></System><EventData>A handle to an object was
    requested.

    Subject:
    Security ID: CMS\PPalaninathan1
    Account Name: ppalaninathan1
    Account Domain: CMS
    Logon ID: 0x15560DDC

    Object:
    Object Server: Security
    Object Type: Process
    Object Name: \Device\HarddiskVolume2\Windows\System32\lsass.exe
    Handle ID: 0x0
    Resource Attributes: -

    Process Information:
    Process ID: 0x2528
    Process Name: C:\Windows\System32\Taskmgr.exe

    Access Request Information:


    Transaction ID: {00000000-0000-0000-0000-000000000000}
    Accesses: Read from process memory
    Query process information
    Undefined Access (no effect) Bit 12

    Access Reasons: -
    Access Mask: 0x1410
    Privileges Used for Access Check: -
    Restricted SID Count: 0</EventData></Event>

    You might also like