forconsultant.blogg.se - How to run vbscript in windows 7

Access Request Information > Access/Reason for Access/Access Mask: Requested privilege (DELETE).

Shared Information > Share Path: Path to the deleted object (C:\windows\temp).

Subject > Security ID/Account Name/Account Domain: SID/Account name/Domain of the user who executed the tool.

Shared Information > Share Name: Name of the deleted object (\\*\WMI_SHARE).HKEY_USERS\\Software\Microsoft\Windows Script Host Image: Path to the executable file (C:\Windows\System32\cmd.exe, and other execution commands).ParentCommandLine: Command line of the parent process (cscript /cmd \ "" ).CommandLine: Command line of the execution command ("C:\Windows\System32\cmd.exe" /c net use \\ "" /user:\).ParentImage: Executable file of the parent process (C:\Windows\System32\cscript.exe).ParentProcessGuid/ParentProcessId: Process ID of the parent process.DestinationIp/DestinationHostname/DestinationPort: Destination IP address/Host name/Port number (destination).SourceIp/SourceHostname/SourcePort: Source IP address/Host name/Port number (source host).Network connection detected (rule: NetworkConnect) Image: Path to the executable file (C:\Windows\System32\cscript.exe).

UtcTime: Process execution date and time (UTC).

CommandLine: Command line of the execution command (cscript /cmd \ "" ).