User Actions and Events List

User Actions and Events List
Created by using LastActivityView
Action Time Description Filename F
8/27/2023 6:18:42 AM Run .EXE file AUDIODG.EXE C:\WINDOWS\SYSTEM32\AUDIODG.EXE
8/27/2023 6:18:42 AM Run .EXE file ctfmon.exe C:\Windows\System32\ctfmon.exe

8/27/2023 6:18:42 AM Run .EXE file CONSENT.EXE C:\WINDOWS\SYSTEM32\CONSENT.EXE
8/27/2023 6:18:27 AM Run .EXE file RUNTIMEBROKER.EXE C:\WINDOWS\SYSTEM32\RUNTIMEBROKER.EXE
8/27/2023 6:18:27 AM Run .EXE file IDENTITY_HELPER.EXE C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\114.0.1823.67\IDENTITY_HE
8/27/2023 6:18:26 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe




8/27/2023 6:18:03 AM Run .EXE file svchost.exe C:\Windows\System32\svchost.exe
8/27/2023 6:18:03 AM Run .EXE file BACKGROUNDTASKHOST.EXE C:\Windows\System32\BACKGROUNDTASKHOST.EXE
8/27/2023 6:16:50 AM Open file or folder Results D:\Results

8/27/2023 6:16:50 AM Open file or folder FullEventLogView.htm D:\Results\FullEventLogView.htm
8/27/2023 6:16:50 AM Select file in open/save dialog-box FullEventLogView.htm D:\Results\FullEventLogView.htm
8/27/2023 6:16:50 AM Select file in open/save dialog-box FullEventLogView.htm D:\Results\FullEventLogView.htm

8/27/2023 6:13:39 AM Task Run fcon.dll C:\Windows\System32\fcon.dll
8/27/2023 6:13:37 AM Run .EXE file TASKHOSTW.EXE C:\WINDOWS\SYSTEM32\TASKHOSTW.EXE


8/27/2023 6:10:59 AM Run .EXE file CWAFEATUREFLAGUPDATER.EXE C:\PROGRAM FILES (X86)\Citrix\ICA CLIENT\Receiver\FEATUREFLAG\CWAFEATUREFLA
8/27/2023 6:10:34 AM Run .EXE file CONHOST.EXE C:\WINDOWS\SYSTEM32\CONHOST.EXE
8/27/2023 6:10:34 AM Run .EXE file sdbinst.exe C:\Windows\System32\sdbinst.exe

8/27/2023 6:08:30 AM Run .EXE file SMARTSCREEN.EXE C:\WINDOWS\SYSTEM32\SMARTSCREEN.EXE

8/27/2023 6:00:01 AM Task Run wsqmcons.exe C:\WINDOWS\System32\wsqmcons.exe

8/27/2023 5:55:34 AM Run .EXE file POWERSHELL.EXE C:\Windows\System32\WINDOWSPOWERSHELL\v1.0\POWERSHELL.EXE
8/27/2023 5:53:20 AM Run .EXE file MICROSOFTEDGEUPDATE.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\MICROSOFTEDGEUPDATE.EXE

8/27/2023 5:53:20 AM Task Run MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
8/27/2023 5:47:18 AM Run .EXE file MOUSOCOREWORKER.EXE C:\Windows\UUS\amd64\MOUSOCOREWORKER.EXE

8/27/2023 5:47:18 AM Task Run MemoryDiagnostic.dll C:\WINDOWS\System32\MemoryDiagnostic.dll
8/27/2023 5:47:18 AM Task Run MemoryDiagnostic.dll C:\WINDOWS\System32\MemoryDiagnostic.dll
8/27/2023 5:47:18 AM Task Run cleanmgr.exe C:\WINDOWS\system32\cleanmgr.exe

8/27/2023 5:41:21 AM Run .EXE file MSEDGEWEBVIEW2.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEWEBVIEW\APPLICATION\114.0.1823.67\M




8/27/2023 5:32:12 AM Run .EXE file GOOGLEUPDATE.EXE C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
8/27/2023 5:31:20 AM Task Run GoogleUpdate.exe" "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"
8/27/2023 5:27:49 AM Run .EXE file SELFSERVICE.EXE.CONFIG C:\PROGRAM FILES (X86)\Citrix\ICA CLIENT\SELFSERVICEPLUGIN\SELFSERVICE.EXE
8/27/2023 5:25:35 AM Run .EXE file dllhost.exe C:\Windows\SysWOW64\dllhost.exe

8/27/2023 5:25:27 AM Run .EXE file MSTEAMSUPDATE.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFTTEAMS_23119.303.2080.2726_X64__8W

8/27/2023 5:20:49 AM Run .EXE file SECURITYHEALTHHOST.EXE C:\WINDOWS\SYSTEM32\SECURITYHEALTH\1.0.2306.10002-0\SECURITYHEALTHHOST
8/27/2023 5:20:33 AM Run .EXE file MpCmdRun.exe C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\Platform\4.18.23050.5-0\MpCmdR


8/27/2023 5:10:29 AM Run .EXE file cmd.exe C:\Windows\SysWOW64\cmd.exe
8/27/2023 5:10:28 AM Run .EXE file CITRIXRECEIVERUPDATER.EXE C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\CITRIX\UPDATERBINARIES\37F0


8/27/2023 4:42:43 AM Run .EXE file dllhost.exe C:\Windows\System32\dllhost.exe

8/27/2023 4:41:44 AM Run .EXE file SEARCHPROTOCOLHOST.EXE C:\Windows\System32\SEARCHPROTOCOLHOST.EXE
8/27/2023 4:41:36 AM Open file or folder ExecutedProgramList.htm D:\Results\ExecutedProgramList.htm

8/27/2023 4:40:05 AM Open file or folder ChromeHistoryView.htm D:\Results\ChromeHistoryView.htm


8/27/2023 4:39:00 AM Open file or folder BrowsingHistoryView.htm D:\Results\BrowsingHistoryView.htm





8/27/2023 4:37:56 AM Run .EXE file rundll32.exe C:\Windows\System32\rundll32.exe

8/27/2023 4:37:09 AM View Folder in Explorer Results Results


8/27/2023 4:33:49 AM Run .EXE file BDEUISRV.EXE C:\WINDOWS\SYSTEM32\BDEUISRV.EXE
8/27/2023 4:33:49 AM Run .EXE file WUDFHOST.EXE C:\WINDOWS\SYSTEM32\WUDFHOST.EXE


8/27/2023 4:32:29 AM Run .EXE file MONOTIFICATIONUX.EXE C:\Windows\UUS\amd64\MONOTIFICATIONUX.EXE

8/27/2023 4:32:29 AM Task Run MusNotification.exe C:\WINDOWS\system32\MusNotification.exe

8/27/2023 4:32:07 AM Run .EXE file WmiPrvSE.exe C:\Windows\System32\wbem\WmiPrvSE.exe

8/27/2023 4:32:05 AM Run .EXE file SPPSVC.EXE C:\WINDOWS\SYSTEM32\SPPSVC.EXE

8/27/2023 4:31:58 AM Run .EXE file COMPATTELRUNNER.EXE C:\WINDOWS\SYSTEM32\COMPATTELRUNNER.EXE

8/27/2023 4:31:27 AM Task Run sc.exe C:\WINDOWS\system32\sc.exe




8/27/2023 4:06:41 AM Task Run wermgr.exe C:\WINDOWS\system32\wermgr.exe



8/27/2023 3:49:25 AM Task Run devicecensus.exe C:\WINDOWS\system32\devicecensus.exe

8/27/2023 3:48:41 AM Run .EXE file WAASMEDICAGENT.EXE C:\Windows\UUS\amd64\WAASMEDICAGENT.EXE

8/27/2023 3:48:40 AM Task Run







8/27/2023 3:09:15 AM Open file or folder Screenshotss C:\Users\user\Desktop\Screenshotss
8/27/2023 3:09:15 AM Open file or folder windowInstallation data.png C:\Users\user\Desktop\Screenshotss\windowInstallation data.png
8/27/2023 3:09:15 AM Select file in open/save dialog-box windowInstallation data.png C:\Users\user\Desktop\Screenshotss\windowInstallation data.png
8/27/2023 3:09:12 AM Open file or folder Desktop C:\Users\user\Desktop
8/27/2023 3:08:48 AM Run .EXE file PICKERHOST.EXE C:\Windows\System32\PICKERHOST.EXE

8/27/2023 3:08:37 AM Run .EXE file SNIPPINGTOOL.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.SCREENSKETCH_11.2303.17.0_X64__
8/27/2023 3:08:17 AM Run .EXE file SCREENCLIPPINGHOST.EXE C:\Windows\SYSTEMAPPS\MICROSOFTWINDOWS.CLIENT.CBS_CW5N1H2TXYEWY\SCR


8/27/2023 3:07:56 AM Run .EXE file SCREENCLIPPINGHOST.EXE C:\Windows\SYSTEMAPPS\MICROSOFTWINDOWS.CLIENT.CBS_CW5N1H2TXYEWY\SCR

8/27/2023 3:07:43 AM Run .EXE file hlp8.exe C:\Windows\System32\DRIVERSTORE\FILEREPOSITORY\FN.INF_AMD64_2C108E77DF60B
8/27/2023 3:07:37 AM Open file or folder Screenshots C:\Users\user\Pictures\Screenshots

8/27/2023 3:07:37 AM Open file or folder Screenshot (2).png C:\Users\user\Pictures\Screenshots\Screenshot (2).png
8/27/2023 3:07:34 AM Run .EXE file SEARCHFILTERHOST.EXE C:\Windows\System32\SEARCHFILTERHOST.EXE
8/27/2023 3:07:33 AM Open file or folder Screenshot (1).png C:\Users\user\Pictures\Screenshots\Screenshot (1).png

8/27/2023 3:07:13 AM Run .EXE file TRUSTEDINSTALLER.EXE C:\Windows\SERVICING\TRUSTEDINSTALLER.EXE

8/27/2023 3:07:12 AM Run .EXE file SYSTEMINFO.EXE C:\Windows\System32\SYSTEMINFO.EXE

8/27/2023 3:07:06 AM Run .EXE file WINDOWSTERMINAL.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSTERMINAL_1.17.11461.0_X
8/27/2023 3:07:06 AM Run .EXE file OPENCONSOLE.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSTERMINAL_1.17.11461.0_X






8/27/2023 3:04:21 AM Run .EXE file msinfo32.exe C:\Windows\System32\msinfo32.exe


8/27/2023 3:02:47 AM Run .EXE file dxdiag.exe C:\Windows\System32\dxdiag.exe

8/27/2023 3:00:01 AM Task Run IntelligentPwdlessTask.dll C:\WINDOWS\system32\IntelligentPwdlessTask.dll





8/26/2023 11:27:49 PM Run .EXE file SELFSERVICE.EXE.CONFIG C:\PROGRAM FILES (X86)\Citrix\ICA CLIENT\SELFSERVICEPLUGIN\SELFSERVICE.EXE
8/26/2023 11:25:26 PM Run .EXE file MSTEAMSUPDATE.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFTTEAMS_23119.303.2080.2726_X64__8W

8/26/2023 11:15:26 PM Run .EXE file svchost.exe C:\Windows\System32\svchost.exe
8/26/2023 11:15:26 PM Run .EXE file SIHCLIENT.EXE C:\WINDOWS\SYSTEM32\SIHCLIENT.EXE
8/26/2023 11:10:34 PM Run .EXE file sdbinst.exe C:\Windows\System32\sdbinst.exe
8/26/2023 11:10:26 PM Run .EXE file UPFC.EXE C:\WINDOWS\SYSTEM32\UPFC.EXE

8/26/2023 10:27:49 PM Run .EXE file SELFSERVICE.EXE.CONFIG C:\PROGRAM FILES (X86)\Citrix\ICA CLIENT\SELFSERVICEPLUGIN\SELFSERVICE.EXE
8/26/2023 4:32:28 PM Run .EXE file MONOTIFICATIONUX.EXE C:\Windows\UUS\amd64\MONOTIFICATIONUX.EXE

8/26/2023 1:10:27 PM Task Run FaceFodUninstaller.exe C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe
8/26/2023 11:11:29 AM Task Run energytask.dll C:\WINDOWS\System32\energytask.dll

8/26/2023 11:11:28 AM Run .EXE file VSSVC.EXE C:\WINDOWS\SYSTEM32\VSSVC.EXE
8/26/2023 11:11:28 AM Task Run srtasks.exe C:\WINDOWS\system32\srtasks.exe

8/26/2023 11:10:29 AM Run .EXE file mscorsvw.exe C:\Windows\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\mscorsvw.exe
8/26/2023 11:10:29 AM Run .EXE file ngen.exe C:\Windows\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ngen.exe
8/26/2023 11:10:29 AM Run .EXE file ngen.exe C:\Windows\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ngen.exe

8/26/2023 11:10:28 AM Run .EXE file ngentask.exe C:\Windows\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ngentask.exe
8/26/2023 11:10:28 AM Run .EXE file mscorsvw.exe C:\Windows\MICROSOFT.NET\FRAMEWORK\V4.0.30319\mscorsvw.exe
8/26/2023 11:10:28 AM Task Run mscoree.dll C:\Windows\System32\mscoree.dll


8/26/2023 11:10:27 AM Run .EXE file ngentask.exe C:\Windows\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ngentask.exe

8/26/2023 11:10:27 AM Task Run MpCmdRun.exe C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe
8/26/2023 11:10:27 AM Task Run SecureBootEncodeUEFI.exe C:\WINDOWS\system32\SecureBootEncodeUEFI.exe
8/26/2023 11:10:27 AM Task Run rundll32.exe C:\WINDOWS\system32\rundll32.exe

8/26/2023 11:10:27 AM Task Run WofTasks.dll C:\WINDOWS\system32\WofTasks.dll
8/26/2023 11:10:27 AM Task Run disksnapshot.exe C:\WINDOWS\system32\disksnapshot.exe
8/26/2023 11:10:27 AM Task Run usbceip.dll C:\WINDOWS\System32\usbceip.dll

8/26/2023 11:10:27 AM Task Run WorkFoldersShell.dll C:\Windows\System32\WorkFoldersShell.dll
8/26/2023 11:10:27 AM Task Run pstask.dll C:\Windows\System32\pstask.dll

8/26/2023 11:10:27 AM Task Run StorageUsage.dll C:\WINDOWS\system32\StorageUsage.dll
8/26/2023 11:10:27 AM Task Run dstokenclean.exe C:\WINDOWS\system32\dstokenclean.exe
8/26/2023 11:10:27 AM Task Run fcon.dll C:\Windows\System32\fcon.dll

8/26/2023 11:10:27 AM Task Run srchadmin.dll C:\WINDOWS\System32\srchadmin.dll
8/26/2023 11:10:27 AM Task Run lpremove.exe C:\WINDOWS\system32\lpremove.exe


8/26/2023 10:41:57 AM Run .EXE file WINSAT.EXE C:\WINDOWS\SYSTEM32\WINSAT.EXE

8/26/2023 10:40:01 AM Task Run AutonomicMgr.exe C:\WINDOWS\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_1a7a38

8/26/2023 10:23:19 AM Task Run MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
8/26/2023 9:56:52 AM Run .EXE file FILECOAUTH.EXE C:\Users\user\AppData\Local\MICROSOFT\OneDrive\23.132.0625.0001\FILECOAUTH.EXE
8/26/2023 9:56:52 AM Run .EXE file USEROOBEBROKER.EXE C:\WINDOWS\SYSTEM32\OOBE\USEROOBEBROKER.EXE



8/26/2023 9:50:13 AM Run .EXE file LOGONUI.EXE C:\WINDOWS\SYSTEM32\LOGONUI.EXE
8/26/2023 9:45:12 AM Task Run LITSSvc.exe C:\Windows\System32\LITSSvc.exe

8/26/2023 9:45:12 AM User Logon


8/26/2023 9:31:19 AM Task Run GoogleUpdate.exe" "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"



8/26/2023 9:13:16 AM User Logon




8/26/2023 8:28:27 AM User Logon



8/26/2023 7:49:35 AM Task Run WinSATAPI.dll C:\WINDOWS\system32\WinSATAPI.dll

8/26/2023 7:49:34 AM Task Run sysmain.dll C:\WINDOWS\system32\sysmain.dll



8/26/2023 6:36:13 AM User Logon
8/26/2023 5:45:29 AM Task Run wdi.dll C:\WINDOWS\System32\wdi.dll

8/26/2023 5:45:01 AM Run .EXE file makecab.exe C:\Windows\System32\makecab.exe
8/26/2023 5:42:27 AM Run .EXE file SDIAGNHOST.EXE C:\Windows\System32\SDIAGNHOST.EXE
8/26/2023 5:42:27 AM Run .EXE file TiWorker.exe C:\Windows\WinSxS\AMD64_MICROSOFT-WINDOWS-SERVICINGSTACK_31BF3856AD36

8/26/2023 5:42:27 AM Task Run sdiagschd.dll C:\WINDOWS\System32\sdiagschd.dll

8/26/2023 5:42:27 AM Task Run
8/26/2023 5:42:27 AM Task Run defrag.exe C:\WINDOWS\system32\defrag.exe
8/26/2023 5:41:29 AM Run .EXE file LockApp.exe C:\Windows\SYSTEMAPPS\MICROSOFT.LOCKAPP_CW5N1H2TXYEWY\LockApp.exe





8/26/2023 5:38:17 AM Run .EXE file chrome.exe C:\PROGRAM FILES\Google\Chrome\APPLICATION\chrome.exe



8/26/2023 5:29:42 AM Run .EXE file CTXWEBBROWSER.EXE C:\PROGRAM FILES (X86)\Citrix\ICA CLIENT\Browser\CTXWEBBROWSER.EXE
8/26/2023 5:26:46 AM Run .EXE file sc.exe C:\Windows\System32\sc.exe

8/26/2023 5:26:46 AM Run .EXE file FWSWITCHSERVICE.EXE C:\Windows\Firmware\FWSWITCHBIN\FWSWITCHSERVICE.EXE
8/26/2023 5:25:28 AM Task Run usoclient.exe C:\WINDOWS\system32\usoclient.exe


8/26/2023 5:22:50 AM Task Run ProvTool.exe C:\WINDOWS\system32\ProvTool.exe


8/26/2023 5:18:08 AM Task Run PrinterCleanupTask.dll C:\Windows\System32\PrinterCleanupTask.dll
8/26/2023 5:17:50 AM Run .EXE file verclsid.exe C:\Windows\System32\verclsid.exe

8/26/2023 5:17:00 AM Run .EXE file schtasks.exe C:\Windows\SysWOW64\schtasks.exe
8/26/2023 5:17:00 AM Run .EXE file SETACL_X64.EXE C:\PROGRAM FILES (X86)\K-LITE CODEC PACK\Tools\SETACL_X64.EXE
8/26/2023 5:16:57 AM Run .EXE file SETUSERFTA.EXE C:\USERS\USER\APPDATA\LOCAL\TEMP\IS-UIDBC.TMP\SETUSERFTA.EXE



8/26/2023 5:16:57 AM Software Installation unins000.exe C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe
8/26/2023 5:16:56 AM Run .EXE file regsvr32.exe C:\Windows\System32\regsvr32.exe

8/26/2023 5:16:56 AM Run .EXE file regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe


8/26/2023 5:16:49 AM Run .EXE file MSI7FF.tmp C:\Users\user\AppData\Local\Temp\MSI7FF.tmp

8/26/2023 5:16:48 AM Run .EXE file STELLARDATARECOVERY.EXE C:\PROGRAM FILES\STELLAR DATA RECOVERY\STELLARDATARECOVERY.EXE
8/26/2023 5:16:46 AM Run .EXE file msiexec.exe C:\Windows\SysWOW64\msiexec.exe
8/26/2023 5:16:46 AM Windows Installer Ended

8/26/2023 5:16:36 AM Windows Installer Started

8/26/2023 5:16:25 AM Run .EXE file msiexec.exe C:\Windows\System32\msiexec.exe


8/26/2023 5:15:47 AM Run .EXE file BDEUISRV.EXE C:\WINDOWS\SYSTEM32\BDEUISRV.EXE

8/26/2023 5:15:39 AM Run .EXE file WIDGETSERVICE.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFTWINDOWS.CLIENT.WEBEXPERIENCE
8/26/2023 5:15:30 AM Task Run WorkFoldersShell.dll C:\Windows\System32\WorkFoldersShell.dll
8/26/2023 5:14:27 AM Run .EXE file WMIADAP.exe C:\Windows\System32\wbem\WMIADAP.exe

8/26/2023 5:14:07 AM Run .EXE file FILECOAUTH.EXE C:\Users\user\AppData\Local\MICROSOFT\OneDrive\23.132.0625.0001\FILECOAUTH.EXE
8/26/2023 5:14:07 AM Run .EXE file USEROOBEBROKER.EXE C:\WINDOWS\SYSTEM32\OOBE\USEROOBEBROKER.EXE
8/26/2023 5:14:06 AM Run .EXE file APPLICATIONFRAMEHOST.EXE C:\WINDOWS\SYSTEM32\APPLICATIONFRAMEHOST.EXE


8/26/2023 5:12:49 AM Run .EXE file MATTERMOST.EXE C:\PROGRAM FILES\MATTERMOST\Desktop\MATTERMOST.EXE


8/26/2023 5:12:28 AM Run .EXE file SGRMBROKER.EXE C:\WINDOWS\SYSTEM32\SGRM\SGRMBROKER.EXE

8/26/2023 5:11:37 AM Task Run WiFiCloudStore.dll C:\Windows\System32\WiFiCloudStore.dll
8/26/2023 5:11:27 AM Task Run dxgiadaptercache.exe C:\WINDOWS\system32\dxgiadaptercache.exe

8/26/2023 5:11:13 AM Run .EXE file cvtres.exe C:\Windows\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\cvtres.exe

8/26/2023 5:11:13 AM Run .EXE file csc.exe C:\Windows\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\csc.exe
8/26/2023 5:11:00 AM Run .EXE file WLRMDR.EXE C:\WINDOWS\SYSTEM32\WLRMDR.EXE
8/26/2023 5:11:00 AM Task Run CoreGlobConfig.dll C:\Windows\System32\CoreGlobConfig.dll

8/26/2023 5:11:00 AM Task Run RtkAudUService64.exe"" ""C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ed3f04e1261e4
8/26/2023 5:10:49 AM Run .EXE file reg.exe C:\Windows\System32\reg.exe


8/26/2023 5:10:48 AM Run .EXE file SECURITYHEALTHSERVICE.EXE C:\WINDOWS\SYSTEM32\SECURITYHEALTHSERVICE.EXE

8/26/2023 5:10:48 AM Run .EXE file SECURITYHEALTHSSO.DLL C:\WINDOWS\SYSTEM32\SECURITYHEALTHSSO.DLL
8/26/2023 5:10:41 AM Run .EXE file mobsync.exe C:\Windows\System32\mobsync.exe
8/26/2023 5:10:38 AM Task Run shell32.dll C:\WINDOWS\system32\shell32.dll

8/26/2023 5:10:37 AM Task Run ngctasks.dll C:\WINDOWS\system32\ngctasks.dll
8/26/2023 5:10:35 AM Task Run ngctasks.dll C:\WINDOWS\system32\ngctasks.dll

8/26/2023 5:10:35 AM Task Run TpmTasks.dll C:\WINDOWS\system32\TpmTasks.dll
8/26/2023 5:10:30 AM Task Run PlaySndSrv.dll C:\WINDOWS\System32\PlaySndSrv.dll
8/26/2023 5:10:30 AM Task Run pnpui.dll C:\Windows\System32\pnpui.dll

8/26/2023 5:10:30 AM Task Run mscms.dll C:\Windows\System32\mscms.dll
8/26/2023 5:10:30 AM Task Run MDMAgent.exe C:\WINDOWS\system32\MDMAgent.exe
8/26/2023 5:10:30 AM Task Run wininet.dll C:\WINDOWS\system32\wininet.dll

8/26/2023 5:10:30 AM Task Run PowerMgr.exe" "C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe"
8/26/2023 5:10:30 AM Task Run MsCtfMonitor.dll C:\WINDOWS\system32\MsCtfMonitor.dll
8/26/2023 5:10:28 AM Task Run sdbinst.exe C:\WINDOWS\system32\sdbinst.exe

8/26/2023 5:10:27 AM Task Run MBMediaManager.dll C:\Windows\System32\MBMediaManager.dll
8/26/2023 5:10:27 AM Task Run ClipRenew.exe C:\WINDOWS\system32\ClipRenew.exe
8/26/2023 5:10:27 AM User Logon

8/26/2023 5:10:26 AM User Logon
8/26/2023 5:10:26 AM Task Run MitigationConfiguration.dll C:\WINDOWS\System32\MitigationConfiguration.dll

8/26/2023 5:10:26 AM User Logon
8/26/2023 5:10:26 AM User Logon
8/26/2023 5:10:26 AM System Started

8/26/2023 5:05:08 AM System Shutdown
8/26/2023 5:04:21 AM User Logon

8/26/2023 5:04:21 AM User Logon
8/26/2023 5:04:21 AM User Logon

8/26/2023 4:56:56 AM User Logon
8/26/2023 4:56:56 AM User Logon

8/26/2023 4:56:56 AM User Logon



8/26/2023 4:42:40 AM Run .EXE file DRVINST.EXE C:\WINDOWS\SYSTEM32\DRVINST.EXE





8/26/2023 4:30:57 AM Task Run fhtask.dll C:\WINDOWS\System32\fhtask.dll

8/26/2023 4:30:57 AM Task Run regidle.dll C:\WINDOWS\System32\regidle.dll
8/26/2023 4:30:57 AM Task Run la57setup.exe C:\WINDOWS\system32\la57setup.exe

8/26/2023 4:30:57 AM Task Run tzsync.exe C:\WINDOWS\system32\tzsync.exe

8/26/2023 4:29:28 AM Run .EXE file DEFRAG.EXE C:\WINDOWS\SYSTEM32\DEFRAG.EXE
8/26/2023 4:29:27 AM Task Run

8/26/2023 4:29:26 AM Task Run DeviceDirectoryClient.dll C:\WINDOWS\system32\DeviceDirectoryClient.dll


8/26/2023 4:23:35 AM Run .EXE file RELPOST.EXE C:\WINDOWS\SYSTEM32\RELPOST.EXE


8/26/2023 4:18:33 AM Run .EXE file SIHCLIENT.EXE C:\WINDOWS\SYSTEM32\SIHCLIENT.EXE


8/26/2023 4:16:58 AM Run .EXE file WAASMEDICAGENT.EXE C:\Windows\UUS\amd64\WAASMEDICAGENT.EXE




8/26/2023 4:13:33 AM User Logon

8/26/2023 4:13:33 AM User Logon
8/26/2023 4:13:33 AM User Logon
8/26/2023 4:09:06 AM Software Crash DAX3API.exe C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_943df24ce16




8/26/2023 4:06:41 AM User Logon

8/26/2023 4:06:41 AM User Logon
8/26/2023 4:06:41 AM User Logon

8/26/2023 4:02:23 AM User Logon
8/26/2023 4:02:23 AM User Logon

8/26/2023 4:02:23 AM User Logon

8/25/2023 3:27:12 AM Run .EXE file UPFC.EXE C:\WINDOWS\SYSTEM32\UPFC.EXE








8/24/2023 3:20:49 AM User Logon

8/24/2023 3:20:48 AM User Logon
8/24/2023 3:20:48 AM User Logon

8/24/2023 3:18:41 AM User Logon
8/24/2023 3:18:41 AM User Logon

8/24/2023 3:18:41 AM User Logon
8/24/2023 3:17:15 AM Software Crash intel_cst_service_standalone.exe C:\WINDOWS\System32\DriverStore\FileRepository\icst_service.inf_amd64_5b72be1e8fd122b9

8/24/2023 3:17:09 AM User Logon
8/24/2023 3:17:09 AM User Logon

8/24/2023 3:17:09 AM User Logon

8/24/2023 3:15:13 AM User Logon
8/24/2023 3:15:13 AM User Logon
8/24/2023 3:15:13 AM User Logon

7/10/2023 10:32:27 PM System Shutdown
7/10/2023 10:32:25 PM User Logoff

7/10/2023 10:32:23 PM Run .EXE file dllhost.exe C:\Windows\System32\dllhost.exe
7/10/2023 10:32:23 PM Run .EXE file EPDCTRL.EXE C:\WINDOWS\SYSTEM32\EPDCTRL.EXE
7/10/2023 10:32:20 PM Run .EXE file PICKERHOST.EXE C:\Windows\System32\PICKERHOST.EXE

7/10/2023 8:19:54 PM Run .EXE file SPPSVC.EXE C:\WINDOWS\SYSTEM32\SPPSVC.EXE

7/10/2023 8:19:12 PM Run .EXE file TRUSTEDINSTALLER.EXE C:\Windows\SERVICING\TRUSTEDINSTALLER.EXE
7/10/2023 8:19:05 PM Run .EXE file chrome.exe C:\PROGRAM FILES\Google\Chrome\APPLICATION\chrome.exe

7/10/2023 8:19:05 PM Run .EXE file AUDIODG.EXE C:\WINDOWS\SYSTEM32\AUDIODG.EXE
7/10/2023 8:19:04 PM Run .EXE file RUNTIMEBROKER.EXE C:\WINDOWS\SYSTEM32\RUNTIMEBROKER.EXE

7/10/2023 8:19:04 PM Run .EXE file SHELLEXPERIENCEHOST.EXE C:\Windows\SYSTEMAPPS\SHELLEXPERIENCEHOST_CW5N1H2TXYEWY\SHELLEXPER
7/10/2023 8:19:04 PM Task Run dimsjob.dll C:\WINDOWS\system32\dimsjob.dll

7/10/2023 8:19:03 PM Run .EXE file MATTERMOST.EXE C:\PROGRAM FILES\MATTERMOST\Desktop\MATTERMOST.EXE
7/10/2023 7:56:00 PM Task Run usoclient.exe C:\WINDOWS\system32\usoclient.exe



7/10/2023 10:27:04 AM Run .EXE file WerFault.exe C:\Windows\System32\WerFault.exe



7/10/2023 10:05:11 AM Run .EXE file SPATIALAUDIOLICENSESRV.EXE C:\Windows\System32\SPATIALAUDIOLICENSESRV.EXE
7/10/2023 10:04:57 AM User Logon


7/10/2023 10:04:49 AM Task Run OneDriveStandaloneUpdater.exe C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe


7/10/2023 6:59:35 AM Run .EXE file MICROSOFT.SHAREPOINT.EXE C:\Users\user\AppData\Local\MICROSOFT\OneDrive\23.132.0625.0001\MICROSOFT.SHAREP

7/10/2023 6:59:33 AM Run .EXE file OneDrive.exe C:\Users\user\AppData\Local\MICROSOFT\OneDrive\OneDrive.exe
7/10/2023 6:59:32 AM Software Installation OneDriveSetup.exe C:\Users\user\AppData\Local\Microsoft\OneDrive\23.132.0625.0001\OneDriveSetup.exe

7/10/2023 6:59:31 AM Run .EXE file FILESYNCCONFIG.EXE C:\Users\user\AppData\Local\MICROSOFT\OneDrive\23.132.0625.0001\FILESYNCCONFIG.EX
7/10/2023 6:59:24 AM Run .EXE file ONEDRIVESETUP.EXE C:\Users\user\AppData\Local\MICROSOFT\OneDrive\Update\ONEDRIVESETUP.EXE


7/10/2023 6:43:22 AM Run .EXE file SYSTEMSETTINGSBROKER.EXE C:\WINDOWS\SYSTEM32\SYSTEMSETTINGSBROKER.EXE


7/10/2023 6:39:23 AM Run .EXE file SECURITYHEALTHSETUP.EXE C:\WINDOWS\SYSTEM32\SECURITYHEALTH\SECURITYHEALTHSETUP.EXE


7/10/2023 6:38:43 AM Task Run wosc.dll C:\Windows\System32\wosc.dll



7/10/2023 6:38:01 AM User Logon

7/10/2023 6:37:59 AM Run .EXE file BACKGROUNDTRANSFERHOST.EXE C:\Windows\System32\BACKGROUNDTRANSFERHOST.EXE
7/10/2023 6:37:52 AM Task Run dmclient.exe C:\WINDOWS\system32\dmclient.exe

7/10/2023 6:37:48 AM Task Run dimsjob.dll C:\WINDOWS\system32\dimsjob.dll

7/10/2023 6:37:48 AM Task Run InstallServiceTasks.dll C:\Windows\System32\InstallServiceTasks.dll





7/7/2023 12:58:55 PM Run .EXE file TiWorker.exe C:\Windows\WinSxS\AMD64_MICROSOFT-WINDOWS-SERVICINGSTACK_31BF3856AD36

7/7/2023 8:27:23 AM Run .EXE file USOCLIENT.EXE C:\WINDOWS\SYSTEM32\USOCLIENT.EXE




7/5/2023 5:48:33 AM Run .EXE file COMPPKGSRV.EXE C:\WINDOWS\SYSTEM32\COMPPKGSRV.EXE

7/5/2023 5:44:16 AM Run .EXE file FILECOAUTH.EXE C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\23.127.0618.0001\FILECOAU

7/5/2023 5:38:47 AM User Logon

7/5/2023 5:37:49 AM Run .EXE file USERACCOUNTBROKER.EXE C:\Windows\System32\USERACCOUNTBROKER.EXE

7/5/2023 5:37:30 AM Run .EXE file SYSTEMSETTINGS.EXE C:\Windows\IMMERSIVECONTROLPANEL\SYSTEMSETTINGS.EXE
7/5/2023 5:37:20 AM Run .EXE file ELEVATION_SERVICE.EXE C:\PROGRAM FILES\GOOGLE\CHROME\TEMP\SOURCE12532_1187240283\CHROME-BIN


7/5/2023 5:37:08 AM User Logon



7/3/2023 1:37:59 PM Run .EXE file WmiPrvSE.exe C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
7/3/2023 1:37:57 PM Run .EXE file SYSTEMINFO.EXE C:\Windows\SysWOW64\SYSTEMINFO.EXE

7/3/2023 1:37:57 PM Run .EXE file cmd.exe C:\Windows\SysWOW64\cmd.exe
7/3/2023 1:37:57 PM Run .EXE file tasklist.exe C:\Windows\SysWOW64\tasklist.exe

7/3/2023 1:37:57 PM Run .EXE file ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
7/3/2023 1:37:57 PM Run .EXE file CISCOJABBERPRT.EXE C:\PROGRAM FILES (X86)\CISCO SYSTEMS\CISCO JABBER\CISCOJABBERPRT.EXE
7/3/2023 1:09:51 PM Run .EXE file CISCOJABBER.EXE C:\PROGRAM FILES (X86)\CISCO SYSTEMS\CISCO JABBER\CISCOJABBER.EXE
7/3/2023 1:09:44 PM Run .EXE file SECURITYHEALTHHOST.EXE C:\WINDOWS\SYSTEM32\SECURITYHEALTH\1.0.2303.28002-0\SECURITYHEALTHHOST

7/3/2023 1:09:44 PM Run .EXE file chcp.com C:\Windows\System32\chcp.com
7/3/2023 1:09:43 PM Run .EXE file cmd.exe C:\Windows\System32\cmd.exe

7/3/2023 1:09:43 PM Run .EXE file reg.exe C:\Windows\System32\reg.exe

7/3/2023 1:09:34 PM User Logon


7/3/2023 11:25:26 AM Task Run




7/3/2023 11:24:47 AM Task Run Themes.SsfDownload.ScheduledTask.dll C:\Windows\System32\Themes.SsfDownload.ScheduledTask.dll
7/3/2023 11:24:47 AM Task Run AppHostRegistrationVerifier.exe C:\WINDOWS\system32\AppHostRegistrationVerifier.exe

7/3/2023 11:24:47 AM Task Run dmclient.exe C:\WINDOWS\system32\dmclient.exe
7/3/2023 11:24:47 AM Task Run TempSignedLicenseExchangeTask.dll C:\Windows\System32\TempSignedLicenseExchangeTask.dll




7/3/2023 10:52:30 AM Task Run dimsjob.dll C:\WINDOWS\system32\dimsjob.dll




7/3/2023 10:37:47 AM Run .EXE file SDIAGNHOST.EXE C:\Windows\System32\SDIAGNHOST.EXE


7/3/2023 10:37:47 AM Task Run ReAgentTask.dll C:\WINDOWS\System32\ReAgentTask.dll
7/3/2023 10:37:47 AM Task Run DeviceSetupManagerAPI.dll C:\WINDOWS\System32\DeviceSetupManagerAPI.dll

7/3/2023 10:37:47 AM Task Run AppListBackupLauncher.dll C:\WINDOWS\system32\AppListBackupLauncher.dll


7/3/2023 10:36:29 AM Task Run devicecensus.exe C:\WINDOWS\system32\devicecensus.exe


7/3/2023 10:10:45 AM Run .EXE file WUAUCLTCORE.EXE C:\Windows\UUS\amd64\WUAUCLTCORE.EXE

7/3/2023 10:10:45 AM Task Run SpeechModelDownload.exe C:\WINDOWS\system32\speech_onecore\common\SpeechModelDownload.exe

7/3/2023 9:57:57 AM Run .EXE file ELEVATION_SERVICE.EXE C:\PROGRAM FILES\GOOGLE\CHROME\TEMP\SOURCE12532_1187240283\CHROME-BIN


7/3/2023 9:57:24 AM Run .EXE file setup.exe C:\PROGRAM FILES\Google\Chrome\APPLICATION\114.0.5735.199\INSTALLER\setup.exe

7/3/2023 9:57:24 AM Run .EXE file GOOGLEUPDATEONDEMAND.EXE C:\PROGRAM FILES (X86)\Google\Update\1.3.36.272\GOOGLEUPDATEONDEMAND.EXE

7/3/2023 9:46:52 AM Run .EXE file TIWORKER.EXE C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SERVICINGSTACK_31BF3856A




7/3/2023 9:40:26 AM Task Run LanguageComponentsInstaller.dll C:\Windows\System32\LanguageComponentsInstaller.dll

7/3/2023 9:33:23 AM Run .EXE file WMIAPSRV.EXE C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE

7/3/2023 9:32:35 AM Run .EXE file GOOGLECRASHHANDLER.EXE C:\PROGRAM FILES (X86)\Google\Update\1.3.36.272\GOOGLECRASHHANDLER.EXE
7/3/2023 9:32:35 AM Run .EXE file GOOGLECRASHHANDLER64.EXE C:\PROGRAM FILES (X86)\Google\Update\1.3.36.272\GOOGLECRASHHANDLER64.EXE
7/3/2023 9:32:35 AM Software Installation chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

7/3/2023 9:32:17 AM Run .EXE file SETUP.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\INSTALL\{9FA42375-60CB-4599-8AEF-3B79
7/3/2023 9:32:17 AM Run .EXE file 114.0.5735.199_CHROME_INSTALLER.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\INSTALL\{9FA42375-60CB-4599-8AEF-3B79




7/3/2023 9:28:21 AM Run .EXE file MSEDGEWEBVIEW2.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGECORE\114.0.1823.43\MSEDGEWEBVIEW2.E


7/3/2023 9:28:06 AM Run .EXE file WIDGETS.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFTWINDOWS.CLIENT.WEBEXPERIENCE
7/3/2023 9:27:20 AM Task Run AppHostRegistrationVerifier.exe C:\WINDOWS\system32\AppHostRegistrationVerifier.exe

7/3/2023 9:27:10 AM Run .EXE file FILECOAUTH.EXE C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\23.127.0618.0001\FILECOAU

7/3/2023 9:27:09 AM Run .EXE file APPLICATIONFRAMEHOST.EXE C:\WINDOWS\SYSTEM32\APPLICATIONFRAMEHOST.EXE
7/3/2023 9:27:09 AM Run .EXE file SYSTEMSETTINGS.EXE C:\Windows\IMMERSIVECONTROLPANEL\SYSTEMSETTINGS.EXE

7/3/2023 9:26:53 AM Run .EXE file MICROSOFT.SHAREPOINT.EXE C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\23.127.0618.0001\MICROSOF
7/3/2023 9:26:48 AM Software Installation msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.ex


7/3/2023 9:26:45 AM Run .EXE file MICROSOFTEDGE_X64_114.0.1823.67_114.0.1823.43.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\Download\{F3017226-FE2A-4295-8

7/3/2023 9:26:44 AM Run .EXE file DATAEXCHANGEHOST.EXE C:\WINDOWS\SYSTEM32\DATAEXCHANGEHOST.EXE
7/3/2023 9:26:41 AM Software Installation msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

7/3/2023 9:26:20 AM Run .EXE file msteams.exe C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFTTEAMS_23119.303.2080.2726_X64__8W

7/3/2023 9:26:20 AM Run .EXE file MSTEAMS_AUTOSTARTER.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFTTEAMS_23119.303.2080.2726_X64__8W

7/3/2023 9:26:17 AM Run .EXE file cmd.exe C:\Windows\System32\cmd.exe

7/3/2023 9:26:09 AM Run .EXE file GOOGLEUPDATE.EXE C:\WINDOWS\SYSTEMTEMP\GUM7BF2.TMP\GOOGLEUPDATE.EXE

7/3/2023 9:26:09 AM Run .EXE file GOOGLEUPDATESETUP.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\INSTALL\{4EA28F9A-FC4C-4227-B8B3-D19
7/3/2023 9:26:09 AM Run .EXE file GOOGLECRASHHANDLER.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.242\GOOGLECRASHHANDLER.EXE
7/3/2023 9:26:08 AM Run .EXE file mobsync.exe C:\Windows\System32\mobsync.exe


7/3/2023 9:25:56 AM Run .EXE file MPSIGSTUB.EXE C:\WINDOWS\SYSTEM32\MPSIGSTUB.EXE

7/3/2023 9:25:56 AM Run .EXE file AM_DELTA.EXE C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\AM_DELTA.EXE

7/3/2023 9:25:54 AM Run .EXE file MICROSOFTEDGE_X64_114.0.1823.67_114.0.1823.43.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\Download\{56EB18F8-B008-4CBD



7/3/2023 9:25:27 AM Run .EXE file SEARCHHOST.EXE C:\Windows\SYSTEMAPPS\MICROSOFTWINDOWS.CLIENT.CBS_CW5N1H2TXYEWY\SEA

7/3/2023 9:25:27 AM Run .EXE file STARTMENUEXPERIENCEHOST.EXE C:\Windows\SYSTEMAPPS\MICROSOFT.WINDOWS.STARTMENUEXPERIENCEHOST_CW
7/3/2023 9:25:25 AM User Logon
7/3/2023 9:24:50 AM Wireless Network Connected
7/3/2023 9:24:50 AM Task Run TimeSyncTask.dll C:\WINDOWS\system32\TimeSyncTask.dll
7/3/2023 9:24:46 AM User Logon
7/3/2023 9:24:46 AM User Logon

7/3/2023 9:24:46 AM User Logon
6/15/2023 5:27:14 PM User Logoff

6/15/2023 5:27:10 PM Run .EXE file CTXWEBBROWSER.EXE C:\PROGRAM FILES (X86)\Citrix\ICA CLIENT\Browser\CTXWEBBROWSER.EXE
6/15/2023 5:14:02 PM User Logon

6/15/2023 2:41:31 PM Run .EXE file MSEDGEWEBVIEW2.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEWEBVIEW\APPLICATION\114.0.1823.43\M

6/15/2023 2:24:50 PM Run .EXE file CWAFEATUREFLAGUPDATER.EXE C:\PROGRAM FILES (X86)\Citrix\ICA CLIENT\Receiver\FEATUREFLAG\CWAFEATUREFLA
6/15/2023 1:53:56 PM Run .EXE file TIWORKER.EXE C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SERVICINGSTACK_31BF3856A


6/15/2023 1:41:01 PM Run .EXE file BACKGROUNDTASKHOST.EXE C:\Windows\System32\BACKGROUNDTASKHOST.EXE


6/15/2023 1:40:13 PM User Logon

6/15/2023 1:40:06 PM Run .EXE file BACKGROUNDTRANSFERHOST.EXE C:\Windows\System32\BACKGROUNDTRANSFERHOST.EXE





6/14/2023 10:03:40 AM Run .EXE file NisSrv.exe C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\Platform\4.18.23050.5-0\NisSrv.ex
6/14/2023 10:03:32 AM Run .EXE file GOOGLECRASHHANDLER64.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.242\GOOGLECRASHHANDLER64.EX

6/14/2023 10:03:32 AM Run .EXE file GOOGLECRASHHANDLER.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.242\GOOGLECRASHHANDLER.EXE
6/14/2023 10:03:29 AM Run .EXE file MsMpEng.exe C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\Platform\4.18.23050.5-0\MsMpEn

6/14/2023 10:03:28 AM Run .EXE file taskkill.exe C:\Windows\System32\taskkill.exe
6/14/2023 10:03:28 AM Run .EXE file mofcomp.exe C:\Windows\System32\wbem\mofcomp.exe

6/14/2023 10:03:27 AM Run .EXE file wevtutil.exe C:\Windows\System32\wevtutil.exe

6/14/2023 10:03:24 AM Run .EXE file MPRECOVERY.EXE C:\WINDOWS\SYSTEMTEMP\5E46817D-E37D-4777-B768-F5384D53DBC4\MPRECOVERY.
6/14/2023 10:03:24 AM Run .EXE file MPSIGSTUB.EXE C:\WINDOWS\SYSTEMTEMP\5E46817D-E37D-4777-B768-F5384D53DBC4\MPSIGSTUB.EX
6/14/2023 10:03:19 AM Run .EXE file UPDATEPLATFORM.AMD64FRE.EXE C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\UPDATEPLATFORM.A

6/14/2023 10:03:01 AM Run .EXE file SETUP.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\INSTALL\{BAE29F65-3E56-40B7-9700-4C96
6/14/2023 10:03:01 AM Run .EXE file SETUP.EXE C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\114.0.5735.110\INSTALLER\SETU

6/14/2023 10:03:01 AM Run .EXE file SETUP.EXE C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\114.0.5735.110\INSTALLER\SETU
6/14/2023 10:03:01 AM Run .EXE file 114.0.5735.133_114.0.5735.110_CHROME_UPDATER.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\INSTALL\{BAE29F65-3E56-40B7-9700-4C96


6/14/2023 9:57:53 AM Run .EXE file AUTHMANSVR.EXE C:\PROGRAM FILES (X86)\Citrix\ICA CLIENT\AUTHMANAGER\AUTHMANSVR.EXE









6/14/2023 9:52:51 AM Run .EXE file chcp.com C:\Windows\System32\chcp.com


6/14/2023 9:52:37 AM User Logon

6/14/2023 9:52:28 AM User Logon
6/14/2023 9:52:28 AM User Logon

6/14/2023 9:52:28 AM User Logon



6/14/2023 9:48:18 AM Software Installation

6/14/2023 9:48:14 AM Run .EXE file MICROSOFTEDGEUPDATE.EXE C:\PROGRAM FILES (X86)\MICROSOFT\TEMP\EUAA73.TMP\MICROSOFTEDGEUPDATE
6/14/2023 9:48:14 AM Run .EXE file MICROSOFTEDGEUPDATESETUP_X86_1.3.175.29.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\Download\{F3C4FE00-EFD5-403B-



6/14/2023 9:47:00 AM Run .EXE file chcp.com C:\Windows\System32\chcp.com

6/14/2023 9:46:44 AM User Logon

6/14/2023 9:46:36 AM User Logon
6/14/2023 9:46:36 AM User Logon

6/14/2023 9:46:36 AM User Logon

6/13/2023 9:38:24 PM User Logoff


6/12/2023 2:41:23 PM Run .EXE file USOCLIENT.EXE C:\WINDOWS\SYSTEM32\USOCLIENT.EXE

6/12/2023 12:41:03 PM Run .EXE file LockApp.exe C:\Windows\SYSTEMAPPS\MICROSOFT.LOCKAPP_CW5N1H2TXYEWY\LockApp.exe
6/12/2023 12:25:47 PM Run .EXE file SYSTEMSETTINGSBROKER.EXE C:\WINDOWS\SYSTEM32\SYSTEMSETTINGSBROKER.EXE

6/12/2023 12:20:27 PM Run .EXE file DEFRAG.EXE C:\WINDOWS\SYSTEM32\DEFRAG.EXE

6/12/2023 12:20:23 PM Run .EXE file MpCmdRun.exe C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\Platform\4.18.23050.3-0\MpCmdR

6/12/2023 12:19:45 PM Task Run PrinterCleanupTask.dll C:\Windows\System32\PrinterCleanupTask.dll


6/12/2023 12:16:34 PM Run .EXE file WIDGETSERVICE.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFTWINDOWS.CLIENT.WEBEXPERIENCE

6/12/2023 12:14:20 PM Run .EXE file WMIADAP.exe C:\Windows\System32\wbem\WMIADAP.exe



6/12/2023 12:12:20 PM Run .EXE file SGRMBROKER.EXE C:\WINDOWS\SYSTEM32\SGRM\SGRMBROKER.EXE

6/12/2023 12:12:19 PM Run .EXE file MICROSOFT.SHAREPOINT.EXE C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\23.114.0530.0001\MICROSOF

6/12/2023 12:12:17 PM Run .EXE file OneDrive.exe C:\Users\user\AppData\Local\MICROSOFT\OneDrive\OneDrive.exe
6/12/2023 12:12:16 PM Run .EXE file FILESYNCCONFIG.EXE C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\23.114.0530.0001\FILESYNC
6/12/2023 12:12:13 PM Run .EXE file ONEDRIVESETUP.EXE C:\Users\user\AppData\Local\MICROSOFT\OneDrive\Update\ONEDRIVESETUP.EXE

6/12/2023 12:12:11 PM Run .EXE file ONEDRIVESETUP.EXE C:\Users\user\AppData\Local\MICROSOFT\OneDrive\Update\ONEDRIVESETUP.EXE


6/12/2023 12:11:44 PM Run .EXE file SECURITYHEALTHSERVICE.EXE C:\WINDOWS\SYSTEM32\SECURITYHEALTHSERVICE.EXE
6/12/2023 12:11:44 PM Run .EXE file SECURITYHEALTHSSO.DLL C:\WINDOWS\SYSTEM32\SECURITYHEALTHSSO.DLL

6/12/2023 12:11:34 PM Run .EXE file MSTEAMS.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFTTEAMS_23091.406.2009.3890_X64__8W

6/12/2023 12:11:34 PM Run .EXE file SPATIALAUDIOLICENSESRV.EXE C:\Windows\System32\SPATIALAUDIOLICENSESRV.EXE

6/12/2023 12:11:23 PM Run .EXE file cvtres.exe C:\Windows\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\cvtres.exe
6/12/2023 12:11:22 PM Run .EXE file csc.exe C:\Windows\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\csc.exe
6/12/2023 12:11:15 PM Run .EXE file WLRMDR.EXE C:\WINDOWS\SYSTEM32\WLRMDR.EXE

6/12/2023 12:10:49 PM Run .EXE file USEROOBEBROKER.EXE C:\WINDOWS\SYSTEM32\OOBE\USEROOBEBROKER.EXE
6/12/2023 12:10:46 PM Run .EXE file WEBEXPERIENCEHOSTAPP.EXE C:\Windows\SYSTEMAPPS\MICROSOFTWINDOWS.CLIENT.CBS_CW5N1H2TXYEWY\WE

6/12/2023 12:10:46 PM Run .EXE file WINFOCUSMONITOR.EXE C:\PROGRAM FILES\Avacee\SIP_AGENT\WINFOCUSMONITOR.EXE
6/12/2023 12:10:46 PM Run .EXE file WIDGETS.EXE C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFTWINDOWS.CLIENT.WEBEXPERIENCE

6/12/2023 12:10:46 PM Run .EXE file STARTMENUEXPERIENCEHOST.EXE C:\Windows\SYSTEMAPPS\MICROSOFT.WINDOWS.STARTMENUEXPERIENCEHOST_CW
6/12/2023 12:10:46 PM Run .EXE file SEARCHHOST.EXE C:\Windows\SYSTEMAPPS\MICROSOFTWINDOWS.CLIENT.CBS_CW5N1H2TXYEWY\SEA
6/12/2023 12:10:44 PM User Logon

6/12/2023 12:10:23 PM Wireless Network Connected
6/12/2023 12:10:19 PM System Started
6/12/2023 12:10:19 PM User Logon

6/12/2023 12:10:18 PM User Logon
6/12/2023 12:10:18 PM User Logon
6/12/2023 11:35:40 AM Run .EXE file MICROSOFTEDGE_X64_114.0.1823.43_114.0.1823.41.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\DOWNLOAD\{F3017226-FE2A-42


6/12/2023 11:34:47 AM User Logon
6/12/2023 11:34:47 AM User Logon
6/12/2023 11:34:47 AM User Logon

6/10/2023 8:37:41 AM User Logoff
6/10/2023 8:37:40 AM Run .EXE file EPDCTRL.EXE C:\WINDOWS\SYSTEM32\EPDCTRL.EXE

6/10/2023 8:37:30 AM Run .EXE file PICKERHOST.EXE C:\Windows\System32\PICKERHOST.EXE


6/9/2023 10:04:50 AM Run .EXE file FILESYNCCONFIG.EXE C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\23.107.0521.0001\FILESYNC

6/9/2023 10:04:17 AM User Logon
6/8/2023 1:34:01 PM Run .EXE file WUAUCLTCORE.EXE C:\Windows\UUS\amd64\WUAUCLTCORE.EXE
6/8/2023 1:33:28 PM Run .EXE file ngen.exe C:\Windows\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ngen.exe


6/8/2023 1:32:56 PM Run .EXE file rundll32.exe C:\Windows\System32\rundll32.exe
6/8/2023 1:32:56 PM Task Run LanguageComponentsInstaller.dll C:\Windows\System32\LanguageComponentsInstaller.dll

6/8/2023 1:32:56 PM Task Run rundll32.exe C:\WINDOWS\system32\rundll32.exe
6/8/2023 1:25:49 PM Run .EXE file MICROSOFTEDGE_X64_114.0.1823.41_114.0.1823.37.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\DOWNLOAD\{F3017226-FE2A-42
6/8/2023 1:25:00 PM Run .EXE file MICROSOFTEDGE_X64_114.0.1823.41_114.0.1823.37.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\DOWNLOAD\{56EB18F8-B008-4C

6/8/2023 1:24:17 PM Run .EXE file msiexec.exe C:\Windows\System32\msiexec.exe
6/8/2023 1:24:17 PM Run .EXE file msiexec.exe C:\Windows\System32\msiexec.exe
6/8/2023 1:24:17 PM Windows Installer Started

6/8/2023 1:24:17 PM Windows Installer Ended



6/8/2023 1:22:58 PM Run .EXE file CWAFEATUREFLAGUPDATER.EXE C:\PROGRAM FILES (X86)\Citrix\ICA CLIENT\Receiver\FEATUREFLAG\CWAFEATUREFLA
6/8/2023 1:21:56 PM User Logon

6/8/2023 1:21:46 PM Run .EXE file LockApp.exe C:\Windows\SYSTEMAPPS\MICROSOFT.LOCKAPP_CW5N1H2TXYEWY\LockApp.exe

6/6/2023 11:56:46 PM Wireless Network Disconnected

6/6/2023 11:15:16 AM Run .EXE file SHELLEXPERIENCEHOST.EXE C:\Windows\SYSTEMAPPS\SHELLEXPERIENCEHOST_CW5N1H2TXYEWY\SHELLEXPER

6/6/2023 11:12:25 AM Run .EXE file SECURITYHEALTHSETUP.EXE C:\WINDOWS\SYSTEM32\SECURITYHEALTH\SECURITYHEALTHSETUP.EXE
6/6/2023 11:12:25 AM Run .EXE file SECURITYHEALTHHOST.EXE C:\WINDOWS\SYSTEM32\SECURITYHEALTHHOST.EXE

6/6/2023 11:10:40 AM User Logon
6/5/2023 4:49:31 PM Run .EXE file GOOGLECRASHHANDLER64.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.242\GOOGLECRASHHANDLER64.EX

6/5/2023 4:49:31 PM Run .EXE file GOOGLECRASHHANDLER.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.242\GOOGLECRASHHANDLER.EXE
6/5/2023 4:49:04 PM Run .EXE file SETUP.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\INSTALL\{B6F78965-8111-4682-A0DF-7D3E
6/5/2023 4:49:03 PM Run .EXE file SETUP.EXE C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\114.0.5735.90\INSTALLER\SETUP

6/5/2023 4:49:03 PM Run .EXE file SETUP.EXE C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\114.0.5735.90\INSTALLER\SETUP
6/5/2023 4:49:03 PM Run .EXE file 114.0.5735.110_114.0.5735.90_CHROME_UPDATER.EXE C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\INSTALL\{B6F78965-8111-4682-A0DF-7D3E
6/5/2023 4:48:48 PM User Logon

6/5/2023 2:55:39 PM Software Installation




6/5/2023 2:55:39 PM Software Installation VC_redist.x64.exe C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
6/5/2023 2:55:39 PM Software Installation VC_redist.x86.exe C:\ProgramData\Package Cache\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}\VC_redist.x86.exe

6/5/2023 2:55:39 PM Software Installation oldcalcuninst.exe C:\WINDOWS\oldcalcuninst.exe
6/5/2023 2:55:39 PM Software Installation CitrixBrandingHelper.dll C:\Program Files (x86)\Citrix\Citrix WorkSpace 2106.\CitrixBrandingHelper.dll
6/5/2023 1:01:55 PM Run .EXE file MPSIGSTUB.EXE C:\WINDOWS\SYSTEM32\MPSIGSTUB.EXE

6/5/2023 1:01:55 PM Run .EXE file AM_DELTA_PATCH_1.391.518.0.EXE C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\AM_DELTA_PATCH_1.
6/5/2023 1:01:55 PM Run .EXE file WUAUCLTCORE.EXE C:\Windows\UUS\amd64\WUAUCLTCORE.EXE

6/5/2023 11:25:07 AM Run .EXE file SECURITYHEALTHHOST.EXE C:\WINDOWS\SYSTEM32\SECURITYHEALTHHOST.EXE
6/5/2023 11:19:11 AM Run .EXE file AUTHMANSVR.EXE C:\PROGRAM FILES (X86)\Citrix\ICA CLIENT\AUTHMANAGER\AUTHMANSVR.EXE



6/5/2023 11:15:16 AM Run .EXE file ONEDRIVESETUP.EXE C:\WINDOWS\SYSTEM32\ONEDRIVESETUP.EXE

6/5/2023 11:15:08 AM Run .EXE file ONEDRIVESETUP.EXE C:\WINDOWS\SYSTEM32\ONEDRIVESETUP.EXE

6/5/2023 11:15:02 AM Run .EXE file CISCOJABBER.EXE C:\PROGRAM FILES (X86)\CISCO SYSTEMS\CISCO JABBER\CISCOJABBER.EXE


6/5/2023 11:14:51 AM User Logon







6/5/2023 11:00:45 AM Run .EXE file DismHost.exe C:\Windows\System32\Dism\DismHost.exe
6/5/2023 11:00:44 AM Run .EXE file DIRECTXDATABASEUPDATER.EXE C:\WINDOWS\SYSTEM32\DIRECTXDATABASEUPDATER.EXE

6/5/2023 11:00:26 AM Task Run MitigationClient.dll C:\WINDOWS\System32\MitigationClient.dll

6/5/2023 11:00:19 AM Task Run directxdatabaseupdater.exe C:\WINDOWS\system32\directxdatabaseupdater.exe

6/5/2023 11:00:11 AM Task Run sppcext.dll C:\WINDOWS\System32\sppcext.dll
6/5/2023 11:00:10 AM Task Run InputCloudStore.dll C:\Windows\System32\InputCloudStore.dll

6/5/2023 11:00:08 AM Run .EXE file sc.exe C:\Windows\SysWOW64\sc.exe
6/5/2023 11:00:08 AM Run .EXE file RTKAUDUSERVICE64.EXE C:\Windows\System32\DRIVERSTORE\FILEREPOSITORY\REALTEKSERVICE.INF_AMD64_
6/5/2023 11:00:07 AM Run .EXE file SMARTSTANDBYINST.EXE C:\Windows\System32\DRIVERSTORE\FILEREPOSITORY\SMARTSTANDBYCOMPONENT.

6/5/2023 11:00:07 AM Run .EXE file sc.exe C:\Windows\SysWOW64\sc.exe
6/5/2023 11:00:07 AM Run .EXE file POWERMGRINST.EXE C:\Windows\System32\DRIVERSTORE\FILEREPOSITORY\POWERMGR.INF_AMD64_2CF15
6/5/2023 11:00:06 AM Run .EXE file schtasks.exe C:\Windows\System32\schtasks.exe


6/5/2023 11:00:06 AM Run .EXE file rundll32.exe C:\Windows\SysWOW64\rundll32.exe

6/5/2023 11:00:06 AM Run .EXE file SMARTSTANDBY.EXE C:\Windows\System32\DRIVERSTORE\FILEREPOSITORY\SMARTSTANDBYCOMPONENT.
6/5/2023 11:00:06 AM Run .EXE file icacls.exe C:\Windows\System32\icacls.exe

6/5/2023 11:00:06 AM Run .EXE file takeown.exe C:\Windows\System32\takeown.exe
6/5/2023 11:00:06 AM Run .EXE file icacls.exe C:\Windows\System32\icacls.exe
6/5/2023 11:00:06 AM Run .EXE file takeown.exe C:\Windows\System32\takeown.exe
6/5/2023 11:00:05 AM Run .EXE file wevtutil.exe C:\Windows\SysWOW64\wevtutil.exe

6/5/2023 11:00:05 AM Run .EXE file taskkill.exe C:\Windows\SysWOW64\taskkill.exe

6/5/2023 11:00:04 AM Run .EXE file PowerMgr.exe C:\Windows\System32\DRIVERSTORE\FILEREPOSITORY\POWERMGR.INF_AMD64_2CF15
6/5/2023 11:00:04 AM Run .EXE file SMARTSTANDBYINST.EXE C:\Windows\System32\DRIVERSTORE\FILEREPOSITORY\SMARTSTANDBYCOMPONENT.

6/5/2023 11:00:02 AM Run .EXE file POWERMGRINST.EXE C:\Windows\System32\DRIVERSTORE\FILEREPOSITORY\POWERMGR.INF_AMD64_2CF15
6/5/2023 10:59:52 AM Task Run RAServer.exe C:\WINDOWS\system32\RAServer.exe

6/5/2023 10:59:41 AM Run .EXE file SETUP.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\114.0.1823.37\INSTALLER\S

6/5/2023 10:59:40 AM Run .EXE file unregmp2.exe C:\Windows\System32\unregmp2.exe

6/5/2023 10:59:40 AM Run .EXE file RTKAUDUSERVICE64.EXE C:\Windows\System32\DRIVERSTORE\FILEREPOSITORY\REALTEKSERVICE.INF_AMD64_

6/5/2023 10:59:38 AM Run .EXE file IE4UINIT.EXE C:\WINDOWS\SYSTEM32\IE4UINIT.EXE
6/5/2023 10:59:38 AM Run .EXE file runonce.exe C:\Windows\System32\runonce.exe
6/5/2023 10:59:38 AM Run .EXE file WINFOCUSMONITOR.EXE C:\PROGRAM FILES\Avacee\SIP_AGENT\WINFOCUSMONITOR.EXE

6/5/2023 10:59:37 AM Task Run pnppolicy.dll C:\Windows\System32\pnppolicy.dll
6/5/2023 10:59:37 AM User Logon


6/5/2023 10:59:29 AM Run .EXE file taskkill.exe C:\Windows\System32\taskkill.exe
6/5/2023 10:59:29 AM Run .EXE file mofcomp.exe C:\Windows\System32\wbem\mofcomp.exe



6/5/2023 10:59:28 AM Run .EXE file SEARCHINDEXER.EXE C:\Windows\System32\SEARCHINDEXER.EXE
6/5/2023 10:59:27 AM Run .EXE file MsMpEng.exe C:\PROGRAM FILES\WINDOWS DEFENDER\MsMpEng.exe
6/5/2023 10:59:27 AM Run .EXE file MIGHOST.EXE C:\$WINDOWS.~BT\SOURCES\MIGHOST.EXE


6/5/2023 10:59:15 AM Run .EXE file MCBUILDER.EXE C:\Windows\System32\MCBUILDER.EXE


6/5/2023 10:57:56 AM User Logon
6/5/2023 10:57:56 AM User Logon
6/5/2023 10:57:56 AM User Logon

6/5/2023 10:57:17 AM Software Installation virtuwebmail_20230511014807.ico C:\Users\user\AppData\Roaming\Citrix\SelfService\Icons\virtuwebmail_20230511014807.ico
6/5/2023 10:57:17 AM Software Installation theloop_20230511014806.ico C:\Users\user\AppData\Roaming\Citrix\SelfService\Icons\theloop_20230511014806.ico
6/5/2023 10:57:17 AM Software Installation remotedesktop_20230511014808.ico C:\Users\user\AppData\Roaming\Citrix\SelfService\Icons\remotedesktop_20230511014808.ico

6/5/2023 10:57:17 AM Software Installation putty_20230511014759.ico C:\Users\user\AppData\Roaming\Citrix\SelfService\Icons\putty_20230511014759.ico
6/5/2023 10:57:17 AM Software Installation jira_20230511014759.ico C:\Users\user\AppData\Roaming\Citrix\SelfService\Icons\jira_20230511014759.ico




6/5/2023 10:56:19 AM User Logon
6/5/2023 10:56:19 AM User Logon

6/5/2023 10:56:19 AM User Logon





User Actions and Events List

Uploaded by

Copyright:

Available Formats

User Actions and Events List

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

User Actions and Events List

Uploaded by

Copyright:

Available Formats

User Actions and Events List

Created by using LastActivityView

Action Time Description Filename F

8/27/2023 6:18:42 AM Run .EXE file AUDIODG.EXE C:\WINDOWS\SYSTEM32\AUDIODG.EXE

8/27/2023 6:18:42 AM Run .EXE file ctfmon.exe C:\Windows\System32\ctfmon.exe

8/27/2023 6:18:26 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 6:18:08 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 6:18:08 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 6:18:08 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 6:18:08 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 6:18:03 AM Run .EXE file BACKGROUNDTASKHOST.EXE C:\Windows\System32\BACKGROUNDTASKHOST.EXE

8/27/2023 6:16:50 AM Open file or folder Results D:\Results

8/27/2023 6:16:50 AM Select file in open/save dialog-box FullEventLogView.htm D:\Results\FullEventLogView.htm

8/27/2023 6:16:50 AM Select file in open/save dialog-box FullEventLogView.htm D:\Results\FullEventLogView.htm

8/27/2023 6:13:37 AM Run .EXE file TASKHOSTW.EXE C:\WINDOWS\SYSTEM32\TASKHOSTW.EXE

8/27/2023 6:13:26 AM Run .EXE file ctfmon.exe C:\Windows\System32\ctfmon.exe

8/27/2023 6:12:59 AM Run .EXE file svchost.exe C:\Windows\System32\svchost.exe

8/27/2023 6:08:30 AM Run .EXE file AUDIODG.EXE C:\WINDOWS\SYSTEM32\AUDIODG.EXE

8/27/2023 6:06:22 AM Run .EXE file svchost.exe C:\Windows\System32\svchost.exe

8/27/2023 5:55:34 AM Run .EXE file CONHOST.EXE C:\WINDOWS\SYSTEM32\CONHOST.EXE

8/27/2023 5:53:20 AM Run .EXE file MICROSOFTEDGEUPDATE.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\MICROSOFTEDGEUPDATE.EXE

8/27/2023 5:47:18 AM Run .EXE file MOUSOCOREWORKER.EXE C:\Windows\UUS\amd64\MOUSOCOREWORKER.EXE

8/27/2023 5:47:18 AM Task Run cleanmgr.exe C:\WINDOWS\system32\cleanmgr.exe

8/27/2023 5:41:21 AM Run .EXE file MSEDGEWEBVIEW2.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEWEBVIEW\APPLICATION\114.0.1823.67\M

8/27/2023 5:41:21 AM Run .EXE file MSEDGEWEBVIEW2.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEWEBVIEW\APPLICATION\114.0.1823.67\M

8/27/2023 5:40:34 AM Run .EXE file POWERSHELL.EXE C:\Windows\System32\WINDOWSPOWERSHELL\v1.0\POWERSHELL.EXE

8/27/2023 5:33:36 AM Run .EXE file MOUSOCOREWORKER.EXE C:\Windows\UUS\amd64\MOUSOCOREWORKER.EXE

8/27/2023 5:25:34 AM Run .EXE file CONHOST.EXE C:\WINDOWS\SYSTEM32\CONHOST.EXE

8/27/2023 5:24:13 AM Run .EXE file GOOGLEUPDATE.EXE C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE

8/27/2023 5:20:33 AM Run .EXE file MpCmdRun.exe C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\Platform\4.18.23050.5-0\MpCmdR

8/27/2023 5:10:34 AM Run .EXE file sdbinst.exe C:\Windows\System32\sdbinst.exe

8/27/2023 4:53:20 AM Run .EXE file MICROSOFTEDGEUPDATE.EXE C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\MICROSOFTEDGEUPDATE.EXE

8/27/2023 4:44:50 AM Run .EXE file CONSENT.EXE C:\WINDOWS\SYSTEM32\CONSENT.EXE

8/27/2023 4:42:01 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 4:40:35 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 4:39:23 AM Run .EXE file ctfmon.exe C:\Windows\System32\ctfmon.exe

8/27/2023 4:39:00 AM Run .EXE file SEARCHPROTOCOLHOST.EXE C:\Windows\System32\SEARCHPROTOCOLHOST.EXE

8/27/2023 4:38:31 AM Run .EXE file RUNTIMEBROKER.EXE C:\WINDOWS\SYSTEM32\RUNTIMEBROKER.EXE

8/27/2023 4:38:31 AM Run .EXE file IDENTITY_HELPER.EXE C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\114.0.1823.67\IDENTITY_HE

8/27/2023 4:38:31 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 4:38:31 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 4:38:00 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 4:38:00 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 4:38:00 AM Run .EXE file msedge.exe C:\PROGRAM FILES (X86)\MICROSOFT\Edge\APPLICATION\msedge.exe

8/27/2023 4:37:56 AM Run .EXE file rundll32.exe C:\Windows\System32\rundll32.exe

8/27/2023 4:36:35 AM Run .EXE file dllhost.exe C:\Windows\System32\dllhost.exe

8/27/2023 4:35:01 AM Run .EXE file SMARTSCREEN.EXE C:\WINDOWS\SYSTEM32\SMARTSCREEN.EXE

8/27/2023 4:34:54 AM Run .EXE file dllhost.exe C:\Windows\System32\dllhost.exe

8/27/2023 4:33:49 AM Run .EXE file WUDFHOST.EXE C:\WINDOWS\SYSTEM32\WUDFHOST.EXE

8/27/2023 4:32:43 AM Run .EXE file svchost.exe C:\Windows\System32\svchost.exe

8/27/2023 4:32:29 AM Run .EXE file MONOTIFICATIONUX.EXE C:\Windows\UUS\amd64\MONOTIFICATIONUX.EXE

8/27/2023 4:32:29 AM Run .EXE file MONOTIFICATIONUX.EXE C:\Windows\UUS\amd64\MONOTIFICATIONUX.EXE

8/27/2023 4:32:28 AM Run .EXE file MOUSOCOREWORKER.EXE C:\Windows\UUS\amd64\MOUSOCOREWORKER.EXE

8/27/2023 4:32:07 AM Run .EXE file WmiPrvSE.exe C:\Windows\System32\wbem\WmiPrvSE.exe

8/27/2023 4:32:07 AM Run .EXE file svchost.exe C:\Windows\System32\svchost.exe

8/27/2023 4:32:05 AM Run .EXE file svchost.exe C:\Windows\System32\svchost.exe

8/27/2023 4:31:58 AM Run .EXE file COMPATTELRUNNER.EXE C:\WINDOWS\SYSTEM32\COMPATTELRUNNER.EXE

8/27/2023 4:31:27 AM Run .EXE file svchost.exe C:\Windows\System32\svchost.exe

8/27/2023 4:31:27 AM Task Run sc.exe C:\WINDOWS\system32\sc.exe

8/27/2023 4:24:08 AM Run .EXE file GOOGLEUPDATE.EXE C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE