Consult Windows security logs - rundll32.exe several user log management and the group policy manag

Time:09-23


Each user is enumerated under user management, and the Administrators, Users and Guests groups are enumerated under security group management. The specific logs are as follows:

User management:

A user's local group membership was enumerated.


User:

Security ID: SYSTEM

Account name: miaocheng-hk$

Account domain: WORKGROUP

Login ID: 0x3e7


User:

Security ID: miaocheng-hk\DefaultAccount

Account name: DefaultAccount

Account domain: miaocheng-hk

Process information:

Process ID: 0x2ecc

Process name: C:\Windows\System32\rundll32.exe

The log contents for the other users are the same; only the user changes.

Security group management:

A security-enabled local group membership was enumerated.


User:

Security ID: SYSTEM

Account name: miaocheng-hk$

Account domain: WORKGROUP

Login ID: 0x3e7


Groups:

Security ID: BUILTIN\Guests

Group name: Guests

Group domain: Builtin


Process information:

Process ID: 0x2ecc

Process name: C:\Windows\System32\rundll32.exe

The log content for the other groups is the same; only the group changes.

Is there any problem with these logs? Is some command being executed remotely?

CodePudding user response:

See whether the network has any abnormal connections, and check the system for viruses.
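An added triage example, not part of the thread: the two messages above are Security event IDs 4798 (user's local group membership enumerated) and 4799 (security-enabled local group membership enumerated), and neither records what rundll32.exe was asked to load, so this sketch joins them by process ID to the 4688 process-creation event. It assumes the events were exported as XML under one root element and that process-creation auditing with command-line logging was enabled; the sample export, DLL name and parent process are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Constructed sample export (not real log data): the process-creation event
# for PID 0x2ecc plus one 4798 and one 4799 event raised by that process.
SAMPLE = r"""<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><EventID>4688</EventID></System><EventData>
 <Data Name="NewProcessId">0x2ecc</Data>
 <Data Name="NewProcessName">C:\Windows\System32\rundll32.exe</Data>
 <Data Name="CommandLine">rundll32.exe EXAMPLE.dll,ExampleEntry</Data>
 <Data Name="ParentProcessName">C:\Windows\System32\EXAMPLE-PARENT.exe</Data>
</EventData></Event>
<Event><System><EventID>4798</EventID></System><EventData>
 <Data Name="TargetUserName">DefaultAccount</Data>
 <Data Name="CallerProcessId">0x2ecc</Data>
 <Data Name="CallerProcessName">C:\Windows\System32\rundll32.exe</Data>
</EventData></Event>
<Event><System><EventID>4799</EventID></System><EventData>
 <Data Name="TargetUserName">Guests</Data>
 <Data Name="CallerProcessId">0x2ecc</Data>
 <Data Name="CallerProcessName">C:\Windows\System32\rundll32.exe</Data>
</EventData></Event>
</Events>"""

def triage(xml_text):
    """Group 4798/4799 by calling process and attach its 4688 launch record."""
    created, callers = {}, defaultdict(lambda: {"users": set(), "groups": set()})
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        eid = ev.findtext("e:System/e:EventID", namespaces=NS)
        d = {x.get("Name"): (x.text or "") for x in ev.findall("e:EventData/e:Data", NS)}
        if eid == "4688":
            created[int(d["NewProcessId"], 16)] = d
        elif eid in ("4798", "4799"):
            key = (int(d["CallerProcessId"], 16), d["CallerProcessName"].lower())
            callers[key]["users" if eid == "4798" else "groups"].add(d["TargetUserName"])
    report = []
    for (pid, image), seen in callers.items():
        # PIDs are reused; only trust the 4688 match if the image path agrees.
        launch = created.get(pid, {})
        if launch.get("NewProcessName", "").lower() != image:
            launch = {}
        report.append({"pid": pid, "image": image, "users": sorted(seen["users"]),
                       "groups": sorted(seen["groups"]), "command_line": launch.get("CommandLine"),
                       "parent": launch.get("ParentProcessName")})
    return report

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A row whose `command_line` is empty means no matching 4688 event was in the export, so the launch has to be reconstructed from another source.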