You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2.5 KiB
2.5 KiB
| 1 | _time | host | Image | CommandLine | EventCode |
|---|---|---|---|---|---|
| 2 | 2017-06-26T04:36:54.000+0000 | we8105desk | fsutil.exe | fsutil usn deletejournal /D | 1 |
| 3 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | C:\Windows\SysWOW64\DllHost.exe /Processid:{1EF75F33-893B-4E8F-9655-C3D602BA4897} | 1 |
| 4 | 2017-06-26T04:36:54.000+0000 | we1149srv | calc.exe | C:\Windows\system32\wbem\wmiprvse.exe -Embedding | 1 |
| 5 | 2017-06-26T04:36:54.000+0000 | we1149srv | calc.exe | C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding | 1 |
| 6 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding | 1 |
| 7 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | "C:\Windows\system32\w32tm.exe" /stripchart /computer:we9041srv.waynecorpinc.local /dataonly /samples:1 | 1 |
| 8 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | "C:\Windows\system32\PING.EXE" we9041srv.waynecorpinc.local /n 2 | 1 |
| 9 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | "C:\Windows\system32\w32tm.exe" /query /source | 1 |
| 10 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\BOBSMI~1.WAY\AppData\Local\Temp\RES958E.tmp" "c:\Users\bob.smith.WAYNECORPINC\AppData\Local\Temp\CSC958D.tmp" | 1 |
| 11 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\bob.smith.WAYNECORPINC\AppData\Local\Temp\l62oeljq.cmdline" | 1 |
| 12 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding | 1 |
| 13 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\BOBSMI~1.WAY\AppData\Local\Temp\RES93AA.tmp" "c:\Users\bob.smith.WAYNECORPINC\AppData\Local\Temp\CSC93A9.tmp" | 1 |
| 14 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\bob.smith.WAYNECORPINC\AppData\Local\Temp\m7m1p90n.cmdline" | 1 |
| 15 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\BOBSMI~1.WAY\AppData\Local\Temp\RES936C.tmp" "c:\Users\bob.smith.WAYNECORPINC\AppData\Local\Temp\CSC936B.tmp" | 1 |
| 16 | 2017-06-26T04:36:54.000+0000 | we8105desk | calc.exe | "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\bob.smith.WAYNECORPINC\AppData\Local\Temp\skj1oiou.cmdline" | 1 |