hi, about code 6281 (audit failure)

  • Thread starter Thread starter jaqua
  • Start date Start date
J

jaqua

Guest
hi, i've been seeing many audit failures on the even viewer and it looks very suspicious to me.

i want to find the ip address of that person who tried to connect to the user and i can't find it.

any help on how to it?

i'm no expert on WEF stuff.

<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>6281</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2019-02-13T15:43:20.130982800Z" />
<EventRecordID>3952</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="64" />
<Channel>Security</Channel>
<Computer>HackerU7-PC.blackparade.local</Computer>
<Security />
</System>

- <EventData>
<Data Name="param1">\Device\HarddiskVolume2\Windows\System32\l3codeca.acm</Data>
</EventData>

More...
 
Back
Top