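<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Sysmon event export</title>
  <style>
    ul { list-style-type: none; }
    .item { border: 1px solid black; margin: 3px; }
    .item-head { background-color: #111828; color: #cecece; padding: 3px; }
    pre { white-space: pre-wrap; padding: 3px; }
    button { margin: 3px; }
  </style>
</head>
<body>
  <!--
    NOTE(review): each <pre> below holds raw Sysmon event fields (CommandLine,
    CurrentDirectory, ParentCommandLine, ...) written into this page by whatever
    generated the file. Those values are chosen by whoever launched the process,
    so the generator must HTML-escape "<", ">" and "&" in them; otherwise a crafted
    command line is rendered as markup/script when an analyst opens the export.
    The two events here contain no such characters, so that cannot be confirmed
    from this file alone - verify in the generator.
    Also note the SHA256 values are line-wrapped mid-hash (the line break must be
    removed before using them for a lookup).
  -->
  <button type="button" id="export-btn">Export</button>
  <a id="export-link" hidden></a>
  <ul id="events">
    <li>
      <button type="button" class="toggle" aria-expanded="true">Toggle</button>
      <div class="item">
        <div class="item-head">09/04/2021 19:30:14 <b>1</b> - Microsoft-Windows-Sysmon, Process Create (rule: ProcessCreate)</div>
<pre>
TimeCreated : 9/4/2021 7:30:14 PM
ProviderName : Microsoft-Windows-Sysmon
Id : 1
Message : Process Create:
RuleName: -
UtcTime: 2021-09-04 23:30:14.945
ProcessGuid: {fdd26d49-0186-6134-0c0c-000000004200}
ProcessId: 2976
Image: C:\Windows\System32\cmd.exe
FileVersion: 10.0.19041.746 (WinBuild.160101.0800)
Description: Windows Command Processor
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: Cmd.Exe
CommandLine: "C:\WINDOWS\system32\cmd.exe" /c notepad.exe
CurrentDirectory: C:\Users\cr8zyeights88\LogExplorer\
User: DESKTOP-486T05J\cr8zyeights88
LogonGuid: {fdd26d49-f1f3-6133-ff10-040000000000}
LogonId: 0x410FF
TerminalSessionId: 1
IntegrityLevel: High
Hashes: MD5=8A2122E8162DBEF04694B9C3E0B6CDEE,SHA256=B99D61D874728EDC0918CA0EB10EAB93D381E7367E377406E659
63366C874450,IMPHASH=272245E2988E1E430500B852C4FB5E18
ParentProcessGuid: {fdd26d49-f2fe-6133-6501-000000004200}
ParentProcessId: 5580
ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
</pre>
      </div>
    </li>
    <li>
      <button type="button" class="toggle" aria-expanded="true">Toggle</button>
      <div class="item">
        <div class="item-head">09/04/2021 19:30:16 <b>1</b> - Microsoft-Windows-Sysmon, Process Create (rule: ProcessCreate)</div>
<pre>
TimeCreated : 9/4/2021 7:30:16 PM
ProviderName : Microsoft-Windows-Sysmon
Id : 1
Message : Process Create:
RuleName: -
UtcTime: 2021-09-04 23:30:16.339
ProcessGuid: {fdd26d49-0188-6134-0d0c-000000004200}
ProcessId: 2248
Image: C:\Windows\System32\notepad.exe
FileVersion: 10.0.19041.1081 (WinBuild.160101.0800)
Description: Notepad
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: NOTEPAD.EXE
CommandLine: notepad.exe
CurrentDirectory: C:\Users\cr8zyeights88\LogExplorer\
User: DESKTOP-486T05J\cr8zyeights88
LogonGuid: {fdd26d49-f1f3-6133-ff10-040000000000}
LogonId: 0x410FF
TerminalSessionId: 1
IntegrityLevel: High
Hashes: MD5=1C1760ED4D19CDBECB2398216922628B,SHA256=D66458A3EB1B68715B552B3AF32A9D2E889BBF8AC0C23C1AFA8D
0982023D1CE2,IMPHASH=670212BD5FAE78855C331EDDEFFDD4EB
ParentProcessGuid: {fdd26d49-0186-6134-0c0c-000000004200}
ParentProcessId: 2976
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "C:\WINDOWS\system32\cmd.exe" /c notepad.exe
</pre>
      </div>
    </li>
  </ul>
  <script>
    // Show or hide the event body (the .item element that follows the clicked
    // Toggle button) and keep the button's aria-expanded state in sync.
    // nextElementSibling is used instead of nextSibling so that whitespace text
    // nodes between the button and the div do not break the lookup.
    function toggleElem(btn) {
      var item = btn.nextElementSibling;
      if (!item) {
        return;
      }
      item.hidden = !item.hidden;
      btn.setAttribute('aria-expanded', item.hidden ? 'false' : 'true');
    }

    // Collect the text of every event whose body is currently visible and
    // expose it as a plain-text download via the #export-link anchor.
    // Each event's text is followed by a single newline.
    function exportElems() {
      var blob = '';
      var items = document.querySelectorAll('#events > li');
      for (var i = 0; i < items.length; i++) {
        var body = items[i].querySelector('.item');
        var pre = items[i].querySelector('pre');
        if (!body || !pre || body.hidden) {
          continue;
        }
        // textContent, not innerHTML: innerHTML would emit entity-encoded text
        // (e.g. "&amp;" for an "&" in a command line) and corrupt the export.
        blob += pre.textContent + '\n';
      }
      var link = document.getElementById('export-link');
      link.href = 'data:text/plain;charset=UTF-8,' + encodeURIComponent(blob);
      link.textContent = 'Download';
      link.download = 'export.txt';
      link.hidden = false;
    }

    // Handlers are bound here rather than via inline on* attributes so the
    // page can be served under a CSP that forbids inline event handlers.
    document.getElementById('export-btn').addEventListener('click', exportElems);
    var toggles = document.querySelectorAll('#events .toggle');
    for (var t = 0; t < toggles.length; t++) {
      toggles[t].addEventListener('click', function (ev) {
        toggleElem(ev.currentTarget);
      });
    }
  </script>
</body>
</html>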