What does this mean? I don't know

James Catignani 1 Reputation point
2021-02-18T03:20:43.867+00:00

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2/17/2021 8:59:47 PM
Event ID: 4798
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: ₩яξ₭ɐɓ3
Description:
A user's local group membership was enumerated.

Subject:
Security ID: SYSTEM
Account Name: ₩ЯΞ₭ⱯƁ3$
Account Domain: WORKGROUP
Logon ID: 0x3E7

User:
Security ID: ₩ЯΞ₭ⱯƁ3\Sh1pw
Account Name: Sh1pw
Account Domain: ₩ЯΞ₭ⱯƁ3

Process Information:
Process ID: 0x3478
Process Name: C:\Windows\System32\svchost.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4798</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2021-02-18T02:59:47.7647001Z" />
<EventRecordID>523322</EventRecordID>
<Correlation ActivityID="{9c8fd9ee-0584-0002-4dda-8f9c8405d701}" />
<Execution ProcessID="1876" ThreadID="1992" />
<Channel>Security</Channel>
<Computer>₩яξ₭ɐɓ3</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetUserName">Sh1pw</Data>
<Data Name="TargetDomainName">₩ЯΞ₭ⱯƁ3</Data>
<Data Name="TargetSid">S-1-5-21-1113403384-3899203820-1351869875-1010</Data>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">₩ЯΞ₭ⱯƁ3$</Data>
<Data Name="SubjectDomainName">WORKGROUP</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="CallerProcessId">0x3478</Data>
<Data Name="CallerProcessName">C:\Windows\System32\svchost.exe</Data>
</EventData>
</Event>

Windows 10 Security

1 answer

  1. Hannah Xiong 6,276 Reputation points
    2021-02-18T05:43:38.03+00:00

    Hello,

    Thank you so much for posting here.

    When we enable Audit User Account Management, this event is recorded in the Event Viewer. Event 4798 indicates that a user's local group membership was enumerated.

    For more information about this event, we can refer to:
    https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4798

    Best regards,
    Hannah Xiong
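
As an added example (not part of the original thread or of Microsoft's documentation), the Python below parses an abridged copy of the Event Xml from the question and extracts which account performed the enumeration, whose group membership was read, and through which process. The function name `parse_4798` and the returned field names are made up for this illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOCAL_SYSTEM_SID = "S-1-5-18"  # well-known SID of the LocalSystem account
SYSTEM_LOGON_ID = 0x3E7        # logon session ID used by LocalSystem

# Abridged copy of the Event Xml posted in the question (fields not used here omitted).
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4798</EventID>
<TimeCreated SystemTime="2021-02-18T02:59:47.7647001Z" /></System>
<EventData>
<Data Name="TargetUserName">Sh1pw</Data>
<Data Name="TargetSid">S-1-5-21-1113403384-3899203820-1351869875-1010</Data>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="CallerProcessId">0x3478</Data>
<Data Name="CallerProcessName">C:\Windows\System32\svchost.exe</Data>
</EventData></Event>"""


def parse_4798(xml_text):
    """Return the who/whom/how fields of a 4798 event, or None for other event IDs."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4798":
        return None
    # EventData is a flat list of <Data Name="...">value</Data> elements.
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    created = root.find("e:System/e:TimeCreated", NS)
    subject_sid = data.get("SubjectUserSid", "")
    logon_id = int(data.get("SubjectLogonId", "0x0"), 16)
    return {
        "time_utc": created.get("SystemTime") if created is not None else None,
        "target_user": data.get("TargetUserName", ""),  # account whose groups were read
        "target_sid": data.get("TargetSid", ""),
        "subject_sid": subject_sid,                     # account that did the reading
        "caller_pid": int(data.get("CallerProcessId", "0x0"), 16),
        "caller_process": data.get("CallerProcessName", ""),
        # True when the enumeration was performed by the operating system itself
        "subject_is_system": subject_sid == LOCAL_SYSTEM_SID
                             and logon_id == SYSTEM_LOGON_ID,
    }


if __name__ == "__main__":
    for field, value in parse_4798(SAMPLE_EVENT).items():
        print(f"{field}: {value}")
```
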
