
Untitled

a guest
Nov 15th, 2018
13346 Nov 15 06:57 SuccessAudit Microsoft-Windows-Security-Auditing 4688 A new process has been created.

Creator Subject:
Security ID: S-1-5-20
Account Name: DESKTOP-74VJV8B$
Account Domain: WORKGROUP
Logon ID: 0x3e4

Target Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Process Information:
New Process ID: 0x150c
New Process Name: C
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x1190
Creator Process Name: C
Process Command Line:

Token Elevation Type indicates the type
of token that was assigned to the new
process in accordance with User Account
Control policy.

Type 1 is a full token with no
privileges removed or groups disabled.
A full token is only used if User
Account Control is disabled or if the
user is the built-in Administrator
account or a service account.

Type 2 is an elevated token with no
privileges removed or groups disabled.
An elevated token is used when User
Account Control is enabled and the user
chooses to start the program using Run
as administrator. An elevated token is
also used when an application is
configured to always require
administrative privilege or to always
require maximum privilege, and the user
is a member of the Administrators group.

Type 3 is a limited token with
administrative privileges removed and
administrative groups disabled. The
limited token is used when User Account
Control is enabled, the application
does not require administrative
privilege, and the user does not choose
to start the program using Run as
administrator.
13345 Nov 15 06:57 SuccessAudit Microsoft-Windows-Security-Auditing 4656 A handle to an object was requested.

Subject:
Security ID: S-1-5-18
Account Name: DESKTOP-74VJV8B$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: Key
Object Name: \REGISTRY\MACHINE\SOFTWAR
E\Microsoft\EnterpriseCertificates\Root\
Certificates
Handle ID: 0x484
Resource Attributes: -

Process Information:
Process ID: 0x4c0
Process Name:
C:\Windows\System32\CompatTelRunner.exe

Access Request Information:
Transaction ID:
{00000000-0000-0000-0000-000000000000}
Accesses: %%1537
%%1538
%%4432
%%4433
%%4434
%%4435
%%4436

Access Reasons: -
Access Mask: 0x3001f
Privileges Used for Access Check: -
Restricted SID Count: 0
13345 Nov 10:48 SuccessAudit Microsoft-Windows-Security-Auditing 4656 A handle to an object was requested.

Subject:
Security ID: S-1-5-18
Account Name: DESKTOP-74VJV8B$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: Key
Object Name: \REGISTRY\MACHINE\SOFTWAR
E\Microsoft\EnterpriseCertificates\Root\
Certificates
Handle ID: 0x484
Resource Attributes: -

Process Information:
Process ID: 0x4c0
Process Name:
C:\Windows\System32\CompatTelRunner.exe

Access Request Information:
Transaction ID:
{00000000-0000-0000-0000-000000000000}
Accesses: %%1537
%%1538
%%4432
%%4433
%%4434
%%4435
%%4436

Access Reasons: -
Access Mask: 0x3001f
Privileges Used for Access Check: -
Restricted SID Count: 0
13344 Nov 15 06:57 SuccessAudit Microsoft-Windows-Security-Auditing 4656 A handle to an object was requested.

Subject:
Security ID: S-1-5-18
Account Name: DESKTOP-74VJV8B$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: Key
Object Name: \REGISTRY\MACHINE\SOFTWAR
E\Policies\Microsoft\SystemCertificates\
Root\Certificates
Handle ID: 0x480
Resource Attributes: -

Process Information:
Process ID: 0x4c0
Process Name:
C:\Windows\System32\CompatTelRunner.exe

Access Request Information:
Transaction ID:
{00000000-0000-0000-0000-000000000000}
Accesses: %%1537
%%1538
%%4432
%%4433
%%4434
%%4435
%%4436

Access Reasons: -
Access Mask: 0x3001f
Privileges Used for Access Check: -
Restricted SID Count: 0
13343 Nov 15 06:57 SuccessAudit Microsoft-Windows-Security-Auditing 4656 A handle to an object was requested.

Subject:
Security ID: S-1-5-18
Account Name: DESKTOP-74VJV8B$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: Key
Object Name: \REGISTRY\MACHINE\SOFTWAR
E\Microsoft\SystemCertificates\ROOT\Cert
ificates
Handle ID: 0x47c
Resource Attributes: -

Process Information:
Process ID: 0x4c0
Process Name:
C:\Windows\System32\CompatTelRunner.exe

Access Request Information:
Transaction ID:
{00000000-0000-0000-0000-000000000000}
Accesses: %%1537
%%1538
%%4432
%%4433
%%4434
%%4435
%%4436

Access Reasons: -
Access Mask: 0x3001f
Privileges Used for Access Check: -
Restricted SID Count: 0