Report: Windows10Pro22H24624.txt | Windows11Pro22H24624.txt

Show spaces / tabs

Left file:	D:\Windows11Research\EventLogs\4624\Windows10Pro22H24624.txt
Right file:	D:\Windows11Research\EventLogs\4624\Windows11Pro22H24624.txt

Report type:

All (Matching and Differences)

Summary:

72 Line(s) match

6 Block(s) diff

5 : 7 Line(s) diff

Ignore options:

Ignore line terminators

		D:\Windows11Research\EventLogs\4624\Windows10Pro22H24624.txt		D:\Windows11Research\EventLogs\4624\Windows11Pro22H24624.txt
1		An account was successfully logged on.Subject:	1	An account was successfully logged on.Subject:
2		Security ID:	2	Security ID:
3			3
4		{SubjectUserSid}	4	{SubjectUserSid}
5		Account Name:	5	Account Name:
6			6
7		{SubjectUserName}	7	{SubjectUserName}
8		Account Domain:	8	Account Domain:
9			9
10		{SubjectDomainName}	10	{SubjectDomainName}
11		Logon ID:	11	Logon ID:
12			12
13		{SubjectLogonId}Logon Information:	13	{SubjectLogonId}Logon Information:
14		Logon Type:	14	Logon Type:
15			15
16		{LogonType}	16	{LogonType}
17		Restricted Admin Mode:	17	Restricted Admin Mode:
18		{SubjectUserName}2	18	{SubjectUserName}2
	!>		19	Remote Credential Guard:
	!>		20	{SubjectUserName}3
19		Virtual Account:	21	Virtual Account:
20			22
21	*	{SubjectUserName}5	23	{SubjectUserName}6
22		Elevated Token:	24	Elevated Token:
23			25
24	*	{SubjectUserName}7Impersonation Level:	26	{SubjectUserName}8Impersonation Level:
25			27
26		{SubjectUserName}1New Logon:	28	{SubjectUserName}1New Logon:
27		Security ID:	29	Security ID:
28			30
29		{TargetUserSid}	31	{TargetUserSid}
30		Account Name:	32	Account Name:
31			33
32		{TargetUserName}	34	{TargetUserName}
33		Account Domain:	35	Account Domain:
34			36
35		{TargetDomainName}	37	{TargetDomainName}
36		Logon ID:	38	Logon ID:
37			39
38		{TargetLogonId}	40	{TargetLogonId}
39		Linked Logon ID:	41	Linked Logon ID:
40			42
41	*	{SubjectUserName}6	43	{SubjectUserName}7
42		Network Account Name:	44	Network Account Name:
43	<!	{SubjectUserName}3
44	<!	Network Account Domain:
45		{SubjectUserName}4	45	{SubjectUserName}4
	!>		46	Network Account Domain:
	!>		47	{SubjectUserName}5
46		Logon GUID:	48	Logon GUID:
47			49
48		{SubjectUserSid}3Process Information:	50	{SubjectUserSid}3Process Information:
49		Process ID:	51	Process ID:
50			52
51		{SubjectUserSid}7	53	{SubjectUserSid}7
52		Process Name:	54	Process Name:
53			55
54		{SubjectUserSid}8Network Information:	56	{SubjectUserSid}8Network Information:
55		Workstation Name:	57	Workstation Name:
56		{SubjectUserSid}2	58	{SubjectUserSid}2
57		Source Network Address:	59	Source Network Address:
58		{SubjectUserSid}9	60	{SubjectUserSid}9
59		Source Port:	61	Source Port:
60			62
61		{SubjectUserName}0Detailed Authentication Information:	63	{SubjectUserName}0Detailed Authentication Information:
62		Logon Process:	64	Logon Process:
63			65
64		{SubjectUserSid}0	66	{SubjectUserSid}0
65		Authentication Package:	67	Authentication Package:
66		{SubjectUserSid}1	68	{SubjectUserSid}1
67		Transited Services:	69	Transited Services:
68		{SubjectUserSid}4	70	{SubjectUserSid}4
69		Package Name (NTLM only):	71	Package Name (NTLM only):
70		{SubjectUserSid}5	72	{SubjectUserSid}5
71		Key Length:	73	Key Length:
72			74
73		{SubjectUserSid}6This event is generated when a logon session is created. It is generated on the computer that was accessed.The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service; or a local process such as Winlogon.exe or Services.exe.The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).The New Logon fields indicate the account for whom the new logon was created; i.e. the account that was logged on.The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.The impersonation level field indicates the extent to which a process in the logon session can impersonate.The authentication information fields provide detailed information about this specific logon request.	75	{SubjectUserSid}6This event is generated when a logon session is created. It is generated on the computer that was accessed.The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service; or a local process such as Winlogon.exe or Services.exe.The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).The New Logon fields indicate the account for whom the new logon was created; i.e. the account that was logged on.The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.The impersonation level field indicates the extent to which a process in the logon session can impersonate.The authentication information fields provide detailed information about this specific logon request.
74		- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.	76	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
75		- Transited services indicate which intermediate services have participated in this logon request.	77	- Transited services indicate which intermediate services have participated in this logon request.
76		- Package name indicates which sub-protocol was used among the NTLM protocols.	78	- Package name indicates which sub-protocol was used among the NTLM protocols.
77		- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.	79	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.