sec13b
commented
1 year ago Privilege Name Description State ============================= ============================== ======== SeChangeNotifyPrivilege Bypass traverse checking Enabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
BeichenDream
from W2012
CombaseModule: 0x140716014829568 DispatchTable: 0x140716015606096 UseProtseqFunction: 0x140716015873728 UseProtseqFunctionParamCount: 5 HookRPC Start PipeServer CreateNamedPipe \.\pipe\dc536525-c10c- Trigger RPCSS DCOM obj GUID: 00000000-0000-0000-c000- DCOM obj IPID: 0000d802-6688-ffff-d9e5- DCOM obj OXID: 0x99c78cc4cca9a740 DCOM obj OID: 0xe90d2bc4d75f18c8 DCOM obj Flags: 0x281 DCOM obj PublicRefs: 0x0 Marshal Object bytes len: 100 UnMarshal Object Pipe Connected! CurrentUser: NT AUTHORITY\NETWORK SERVI CurrentsImpersonationLevel: Identificat Start Search System Token Find System Token : False UnmarshalObject: 0x80070776 CurrentUser: NT AUTHORITY\NETWORK SERVI Cannot create process Win32Error:1314