Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- On event - Log: Security, Source: Microsoft-Windows-Eventlog, EventID: 1102
- -executionpolicy bypass -windowstyle hidden -file C:1102.ps1
- Add-Type -AssemblyName System.Windows.Forms
- $lastEvt = Get-WinEvent -LogName 'Security' -MaxEvents 20 | ? { $_.Id -eq 1102 } | select -First 1
- [System.Windows.Forms.MessageBox]::Show(($lastEvt.Message), 'Event ID: 1102')
Add Comment
Please, Sign In to add comment