ClientFileItem
ClientFileItem is available only in combination with the WmiExecution and WmiQuery operations, which have a client process. A client process is a process that actually executed a WMI method.
| Property | Type | Description | Example |
|---|---|---|---|
| ADS | String | The ADS part of the path | C:\windows\system32\notepad.exe:example -> example |
| Extension | String | The file extension | C:\windows\system32\notepad.exe -> exe |
| FileName | String | The filename with the file extension | C:\windows\system32\notepad.exe -> notepad.exe |
| FileNameWithoutExtension | String | Filename without the file extension | C:\windows\system32\notepad.exe -> notepad |
| FullPath | Path | The file path including filename | C:\windows\system32\notepad.exe -> C:\windows\system32\notepad.exe |
| NameLength | Int | The length of the name | C:\windows\system32\notepad.exe -> 7 |
| Path | Path | The file path | C:\windows\system32\notepad.exe -> C:\windows\system32\ |
| isSelf | Bool | Triggers if the operation is done by the file on itself (common for malware to delete itself) | true/false |
Supported operations
• WmiExecution
• WmiQuery