I have been investigating some suspicious activity on one of our servers. The investigation led me to look at the machine with the next higher IP address, which is running Server 2003. While looking at the event logs, I noticed a bunch of activity, including Kerberos network logins, user account changes, registry changes, etc. All of the entries appeared to be from the user with the Logon ID (0x0,0x3E7).
After spending a couple hours trying to correlate this ID to one of the Active Directory user accounts, I discovered that this term gives me A LOT of search engine hits. None of them seem to answer the basic question of what built-in user or account is associated with this user.
Would someone please enlighten me as to the identity of this user ID 0x3E7 as it seems to be very busy at weird times of the day?