private static void PrintProcessCreationEvents() { try { Beaprint.MainPrint("Process creation events - searching logs (EID 4688) for sensitive data.\n"); if (!MyUtils.IsHighIntegrity()) { Beaprint.NoColorPrint(" You must be an administrator to run this check"); return; } foreach (var eventInfo in ProcessCreation.GetProcessCreationEventInfos()) { Beaprint.BadPrint($" Created (UTC) : {eventInfo.CreatedAtUtc}\n" + $" Event Id : {eventInfo.EventId}\n" + $" User : {eventInfo.User}\n" + $" Command Line : {eventInfo.Match}\n"); Beaprint.PrintLineSeparator(); } } catch (Exception ex) { Beaprint.PrintException(ex.Message); } }