Untitled

a guest
Nov 9th, 2018
2731 Nov 08 07:31 SuccessAudit Microsoft-Windows-Security-Auditing 4688 A new process has been created.

Creator Subject:
Security ID: S-1-5-18
Account Name: DESKTOP-74VJV8B$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Target Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Process Information:
New Process ID: 0x126c
New Process Name: C
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x3a0
Creator Process Name: C
Process Command Line:

Token Elevation Type indicates the type
of token that was assigned to the new
process in accordance with User Account
Control policy.

Type 1 is a full token with no
privileges removed or groups disabled.
A full token is only used if User
Account Control is disabled or if the
user is the built-in Administrator
account or a service account.

Type 2 is an elevated token with no
privileges removed or groups disabled.
An elevated token is used when User
Account Control is enabled and the user
chooses to start the program using Run
as administrator. An elevated token is
also used when an application is
configured to always require
administrative privilege or to always
require maximum privilege, and the user
is a member of the Administrators group.

Type 3 is a limited token with
administrative privileges removed and
administrative groups disabled. The
limited token is used when User Account
Control is enabled, the application
does not require administrative
privilege, and the user does not choose
to start the program using Run as
administrator.
12730 Nov 08 07:30 SuccessAudit Microsoft-Windows-Security-Auditing 4689 A process has exited.

Subject:
Security ID: S-1-5-20
Account Name: DESKTOP-74VJV8B$
Account Domain: WORKGROUP
Logon ID: 0x3e4

Process Information:
Process ID: 0xef8
Process Name:
C:\Windows\System32\sppsvc.exe
Exit Status: 0x0
12729 Nov 08 07:30 SuccessAudit Microsoft-Windows-Security-Auditing 4689 A process has exited.

Subject:
Security ID: S-1-5-21-2390347590-23403
59393-2568011175-1001
Account Name: aprol
Account Domain: DESKTOP-74VJV8B
Logon ID: 0x35cf0

Process Information:
Process ID: 0x1250
Process Name:
C:\Windows\System32\conhost.exe
Exit Status: 0x0