Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2731 Nov 08 07:31 SuccessAudit Microsoft-Windows-Security-Auditing 4688 A new process has been created.
- Creator Subject:
- Security ID: S-1-5-18
- Account Name: DESKTOP-74VJV8B$
- Account Domain: WORKGROUP
- Logon ID: 0x3e7
- Target Subject:
- Security ID: S-1-0-0
- Account Name: -
- Account Domain: -
- Logon ID: 0x0
- Process Information:
- New Process ID: 0x126c
- New Process Name: C
- Token Elevation Type: %%1936
- Mandatory Label: S-1-16-16384
- Creator Process ID: 0x3a0
- Creator Process Name: C
- Process Command Line:
- Token Elevation Type indicates the type
- of token that was assigned to the new
- process in accordance with User Account
- Control policy.
- Type 1 is a full token with no
- privileges removed or groups disabled.
- A full token is only used if User
- Account Control is disabled or if the
- user is the built-in Administrator
- account or a service account.
- Type 2 is an elevated token with no
- privileges removed or groups disabled.
- An elevated token is used when User
- Account Control is enabled and the user
- chooses to start the program using Run
- as administrator. An elevated token is
- also used when an application is
- configured to always require
- administrative privilege or to always
- require maximum privilege, and the user
- is a member of the Administrators group.
- Type 3 is a limited token with
- administrative privileges removed and
- administrative groups disabled. The
- limited token is used when User Account
- Control is enabled, the application
- does not require administrative
- privilege, and the user does not choose
- to start the program using Run as
- administrator.
- 12730 Nov 08 07:30 SuccessAudit Microsoft-Windows-Security-Auditing 4689 A process has exited.
- Subject:
- Security ID: S-1-5-20
- Account Name: DESKTOP-74VJV8B$
- Account Domain: WORKGROUP
- Logon ID: 0x3e4
- Process Information:
- Process ID: 0xef8
- Process Name:
- C:\Windows\System32\sppsvc.exe
- Exit Status: 0x0
- 12729 Nov 08 07:30 SuccessAudit Microsoft-Windows-Security-Auditing 4689 A process has exited.
- Subject:
- Security ID: S-1-5-21-2390347590-23403
- 59393-2568011175-1001
- Account Name: aprol
- Account Domain: DESKTOP-74VJV8B
- Logon ID: 0x35cf0
- Process Information:
- Process ID: 0x1250
- Process Name:
- C:\Windows\System32\conhost.exe
- Exit Status: 0x0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement