{
"system": {
"provider": "NTDS ISAM",
"guid": "",
"event_source_name": "",
"event_id": 327,
"version": 0,
"level": 4,
"task": 1,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2022-04-07T08:12:33.396715+00:00",
"event_record_id": 21,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Directory Service",
"computer": "WIN-FPV0DSIC9O6",
"security": {
"user_id": ""
}
},
"event_data": {
"Data": [
"NTDS",
"648,D,51",
"NTDSA: ",
"1",
"C:\\Windows\\NTDS\\ntds.dit",
"0",
"\n[1] 0.000002 +J(0)\n[2] 0.0 +J(0)\n[3] 0.004132 -0.004125 (1) WT +J(0) +M(C:44K, Fs:53, WS:100K # 0K, PF:48K # 0K, P:48K)\n[4] 0.000001 +J(0)\n[5] 0.0 +J(0)\n[6] 0.001773 -0.000372 (6) WT +J(0) +M(C:-16K, Fs:6, WS:-8K # 0K, PF:-16K # 0K, P:-16K)\n[7] 0.000029 +J(0)\n[8] 0.000381 -0.000070 (2) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3902/2)\n[9] 0.001097 -0.000213 (6) WT +J(0) +M(C:0K, Fs:4, WS:-20K # 0K, PF:-20K # 0K, P:-20K)\n[10] 0.000127 +J(0)\n[11] 0.000069 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-8K # 0K, P:-8K).",
"0 0",
"lgposDetach = 00000001:00BA:00C2"
]
},
"message": ""
}