Closed JohnLaTwC closed 4 years ago
To address issue #98, I have created this PR which adds the following details to the event log.
Raccine Context: ChildName="WMIC.exe" ChildExecutablePath="C:\Windows\System32\wbem\WMIC.exe" ChildCommandLine="wmic delete justatest" ChildTimeSinceExeCreation=595 ChildPid=23220 ParentName="cmd.exe" ParentExecutablePath="C:\Windows\System32\cmd.exe" ParentCommandLine="'C:\windows\system32\cmd.exe' " ParentTimeSinceExeCreation=356 ParentPid=10116 GrandParentName="explorer.exe" GrandParentExecutablePath="C:\Windows\explorer.exe" GrandParentCommandLine="C:\windows\Explorer.EXE" GrandParentTimeSinceExeCreation=83 GrandParentPid=8040
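As an added example (not part of this PR or the Raccine code base), here is a Python parser a defender could use to turn the event text shown above into a structured child/parent/grandparent process chain for triage. The function names are hypothetical, and it assumes, as in the sample, that quoted values never contain an embedded double quote.

```python
import re

# Event text copied from the PR description above; line breaks between
# fields were added here for readability only.
SAMPLE = r'''Raccine Context: ChildName="WMIC.exe" ChildExecutablePath="C:\Windows\System32\wbem\WMIC.exe"
ChildCommandLine="wmic delete justatest" ChildTimeSinceExeCreation=595 ChildPid=23220
ParentName="cmd.exe" ParentExecutablePath="C:\Windows\System32\cmd.exe"
ParentCommandLine="'C:\windows\system32\cmd.exe' " ParentTimeSinceExeCreation=356 ParentPid=10116
GrandParentName="explorer.exe" GrandParentExecutablePath="C:\Windows\explorer.exe"
GrandParentCommandLine="C:\windows\Explorer.EXE" GrandParentTimeSinceExeCreation=83 GrandParentPid=8040'''

# Matches key="quoted value" or key=integer. Assumption: a value holds no
# embedded double quote (the sample shows single quotes inside
# ParentCommandLine instead).
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\d+))')

# Longest prefix first, so "GrandParentPid" is not read as a "Parent" key.
ROLES = ("GrandParent", "Parent", "Child")


def parse_raccine_context(text):
    """Return {role: {field: value}} for the process chain in the event text."""
    marker = "Raccine Context:"
    if marker not in text:
        raise ValueError("no Raccine Context block in event text")
    body = text.split(marker, 1)[1]
    chain = {}
    for key, quoted, number in FIELD_RE.findall(body):
        role = next((r for r in ROLES if key.startswith(r)), None)
        if role is None:
            continue  # unknown key: skip it rather than guess its meaning
        # Unquoted values are integers (Pid, TimeSinceExeCreation; the page
        # does not state the unit of the latter, so it is kept as a raw int).
        value = int(number) if number else quoted
        chain.setdefault(role, {})[key[len(role):]] = value
    return chain


def lineage(chain):
    """Render the chain oldest-first, e.g. for an alert title."""
    return " > ".join(
        f'{chain[r].get("Name", "?")}({chain[r].get("Pid", "?")})'
        for r in ROLES if r in chain
    )


if __name__ == "__main__":
    print(lineage(parse_raccine_context(SAMPLE)))
```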