- 13346 Nov 15 06:57 SuccessAudit Microsoft-Windows-Security-Auditing 4688 A new process has been created.
- Creator Subject:
- Security ID: S-1-5-20
- Account Name: DESKTOP-74VJV8B$
- Account Domain: WORKGROUP
- Logon ID: 0x3e4
- Target Subject:
- Security ID: S-1-0-0
- Account Name: -
- Account Domain: -
- Logon ID: 0x0
- Process Information:
- New Process ID: 0x150c
- New Process Name: C
- Token Elevation Type: %%1936
- Mandatory Label: S-1-16-16384
- Creator Process ID: 0x1190
- Creator Process Name: C
- Process Command Line:
- Token Elevation Type indicates the type
- of token that was assigned to the new
- process in accordance with User Account
- Control policy.
- Type 1 is a full token with no
- privileges removed or groups disabled.
- A full token is only used if User
- Account Control is disabled or if the
- user is the built-in Administrator
- account or a service account.
- Type 2 is an elevated token with no
- privileges removed or groups disabled.
- An elevated token is used when User
- Account Control is enabled and the user
- chooses to start the program using Run
- as administrator. An elevated token is
- also used when an application is
- configured to always require
- administrative privilege or to always
- require maximum privilege, and the user
- is a member of the Administrators group.
- Type 3 is a limited token with
- administrative privileges removed and
- administrative groups disabled. The
- limited token is used when User Account
- Control is enabled, the application
- does not require administrative
- privilege, and the user does not choose
- to start the program using Run as
- administrator.
- 13345 Nov 15 06:57 SuccessAudit Microsoft-Windows-Security-Auditing 4656 A handle to an object was requested.
- Subject:
- Security ID: S-1-5-18
- Account Name: DESKTOP-74VJV8B$
- Account Domain: WORKGROUP
- Logon ID: 0x3e7
- Object:
- Object Server: Security
- Object Type: Key
- Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
- Handle ID: 0x484
- Resource Attributes: -
- Process Information:
- Process ID: 0x4c0
- Process Name: C:\Windows\System32\CompatTelRunner.exe
- Access Request Information:
- Transaction ID:
- {00000000-0000-0000-0000-000000000000}
- Accesses: %%1537
- %%1538
- %%4432
- %%4433
- %%4434
- %%4435
- %%4436
- Access Reasons: -
- Access Mask: 0x3001f
- Privileges Used for Access Check: -
- Restricted SID Count: 0
- 13345 Nov 10:48 SuccessAudit Microsoft-Windows-Security-Auditing 4656 A handle to an object was requested.
- Subject:
- Security ID: S-1-5-18
- Account Name: DESKTOP-74VJV8B$
- Account Domain: WORKGROUP
- Logon ID: 0x3e7
- Object:
- Object Server: Security
- Object Type: Key
- Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
- Handle ID: 0x484
- Resource Attributes: -
- Process Information:
- Process ID: 0x4c0
- Process Name: C:\Windows\System32\CompatTelRunner.exe
- Access Request Information:
- Transaction ID:
- {00000000-0000-0000-0000-000000000000}
- Accesses: %%1537
- %%1538
- %%4432
- %%4433
- %%4434
- %%4435
- %%4436
- Access Reasons: -
- Access Mask: 0x3001f
- Privileges Used for Access Check: -
- Restricted SID Count: 0
- 13344 Nov 15 06:57 SuccessAudit Microsoft-Windows-Security-Auditing 4656 A handle to an object was requested.
- Subject:
- Security ID: S-1-5-18
- Account Name: DESKTOP-74VJV8B$
- Account Domain: WORKGROUP
- Logon ID: 0x3e7
- Object:
- Object Server: Security
- Object Type: Key
- Object Name: \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
- Handle ID: 0x480
- Resource Attributes: -
- Process Information:
- Process ID: 0x4c0
- Process Name: C:\Windows\System32\CompatTelRunner.exe
- Access Request Information:
- Transaction ID:
- {00000000-0000-0000-0000-000000000000}
- Accesses: %%1537
- %%1538
- %%4432
- %%4433
- %%4434
- %%4435
- %%4436
- Access Reasons: -
- Access Mask: 0x3001f
- Privileges Used for Access Check: -
- Restricted SID Count: 0
- 13343 Nov 15 06:57 SuccessAudit Microsoft-Windows-Security-Auditing 4656 A handle to an object was requested.
- Subject:
- Security ID: S-1-5-18
- Account Name: DESKTOP-74VJV8B$
- Account Domain: WORKGROUP
- Logon ID: 0x3e7
- Object:
- Object Server: Security
- Object Type: Key
- Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
- Handle ID: 0x47c
- Resource Attributes: -
- Process Information:
- Process ID: 0x4c0
- Process Name: C:\Windows\System32\CompatTelRunner.exe
- Access Request Information:
- Transaction ID:
- {00000000-0000-0000-0000-000000000000}
- Accesses: %%1537
- %%1538
- %%4432
- %%4433
- %%4434
- %%4435
- %%4436
- Access Reasons: -
- Access Mask: 0x3001f
- Privileges Used for Access Check: -
- Restricted SID Count: 0