03/12/2021 3:59 pm
Hello,
I am analyzing the output of Binalyze AIR from a system and I found in the SRUM data processes like:
svc.ownproc.s0.uc0.host2000000000000000_1.0.0.0_neutral__1234567890abc
... and usernames like:
LogonSessionId_8_336540230
Any idea where they come from or what causes that kind of entry? I am not really sure what to look up or google. I could find nothing in the resources I know...
I hope you guys have some idea. Thanks in advance!
29/04/2024 12:52 am
Did you ever figure that out? I am examining SRUM DUMP on a system right now that is very similar to what you described. Thanks
Application:
2024-04-18 19:42:00 |
svc.ownproc.s0.uc0.host2000000000000000_1.0.0.0_neutral__1234567890abc  |
User SIDs
S-1-5-5-0-103071 (unknown) |
S-1-5-5-0-228055 (unknown) |
S-1-5-5-0-315918 (unknown) |
S-1-5-5-0-228025 (unknown) |
S-1-5-5-0-131463 (unknown) |
S-1-5-5-0-437556 (unknown) |
S-1-5-5-0-198040 (unknown) |
S-1-5-5-0-228091 (unknown) |
S-1-5-5-0-253015 (unknown) |
S-1-5-5-0-125478 (unknown) |
S-1-5-5-0-178748 (unknown) |
S-1-5-5-0-194635 (unknown) |
S-1-5-5-0-494833 (unknown) |
S-1-5-96-0-0 (unknown) |
S-1-5-96-0-1 (unknown) |