I was wondering if someone could help me to better understand the following alert.
I have an alert of accessed restricted asset for the first time using c:\windows\system32\inetsrv\w3wp.exe. In this alert I have two logs using the service w3wp.exe with event code 4648 and two using the service: “advapi” with event code 4624. I have done some research online and I still can not figure out what was the user’s action to generate this alert. I wanted to better understand what is w3wp.exe, advapi and what was the user action.