Event Id 4690, If the SID cannot be resolved, you will see the source data in the event.

Event Id 4690, com Event 4690 is generated when an attempt is made to duplicate the handle to an object. Sep 5, 2021 · Audit Handle Manipulation enables generation of “4658: The handle to an object was closed” in Audit File System, Audit Kernel Object, Audit Registry, Audit Removable Storage and Audit SAM subcategories, and shows object’s handle duplication and close actions. The system time was changed. If the SID cannot be resolved, you will see the source data in the event. At this time, Windows checks permissions and allows the duplication of a handle and the subsequent handing over of the handle to another thread or process. A security package has been loaded by the Local Security Authority. Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. There is no recommendation for this event, unless you know exactly what you need to monitor with it. Process injection is a method of executing arbitrary code in the address space of a separate live process. Typically this event has little to no security relevance and is hard to parse or analyze. 37k, 8svtn, jdhs, mdyke, pmfb, uh0tu, qfl, xuu, lr6n, ipsjhig,