[go: up one dir, main page]
Scribd
Upload
68 views16 pages

IT Admin Activity Log

Uploaded by

cpmpert
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
68 views16 pages

IT Admin Activity Log

Uploaded by

cpmpert
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

User Actions and Events List

Created by using LastActivityView

File
Action Exte
Description Filename Full Path More Information
Time nsio
n

07/05/20
CreateObjectTask,
21 Task Run shell32.dll C:\Windows\system32\shell32.dll dll
\Microsoft\Windows\Shell\CreateObjectTask
15:01:08

07/05/20
21 User Logon WORKGROUP\Administrador
15:01:06

07/05/20
Open file or C:\Users\Administrador\Desktop\mimikatz_t
21 mimikatz_trunk.zip zip
folder runk.zip
14:54:36

07/05/20
View Folder in
21 Z:\
Explorer
14:54:29

07/05/20
C:\Program Files
21 Task Run GoogleUpdate.exe GoogleUpdateTaskMachineUA, \GoogleUpdateTaskMachineUA exe
(x86)\Google\Update\GoogleUpdate.exe
14:18:53

07/05/20
wuautoappupdate. Automatic App Update,
21 Task Run C:\Windows\System32\wuautoappupdate.dll dll
dll \Microsoft\Windows\WindowsUpdate\Automatic App Update
14:17:43
07/05/20
Open file or C:\Users\Administrador\Desktop\gentilkiwi-
21 mimikatz
folder mimikatz-09fb1f6\mimikatz
13:52:42

07/05/20
Open file or C:\Users\Administrador\Desktop\gentilkiwi-
21 mimikatz.ico ico
folder mimikatz-09fb1f6\mimikatz\mimikatz.ico
13:52:42

07/05/20
21 User Logon WORKGROUP\DWM-3
13:42:24

07/05/20
21 User Logon WORKGROUP\Administrador
13:42:23

07/05/20
21 User Logon WORKGROUP\DWM-2
13:42:22

07/05/20
21 User Logon WORKGROUP\Administrador
12:55:39

07/05/20 USO_UxBroker_Display,
MusNotification.ex
21 Task Run C:\Windows\system32\MusNotification.exe \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Dis exe
e
12:49:09 play

07/05/20
Open file or
21 curriculum C:\curriculum
folder
12:36:25
07/05/20
Open file or
21 curriculum1.pdf C:\curriculum\curriculum1.pdf pdf
folder
12:36:25

07/05/20 Select file in


21 open/save curriculum1.pdf C:\curriculum\curriculum1.pdf pdf
12:36:25 dialog-box

07/05/20 Select file in


21 open/save curriculum1.pdf C:\curriculum\curriculum1.pdf pdf
12:36:25 dialog-box

07/05/20
Open file or
21 C:\
folder
12:36:22

07/05/20
Open file or
21 C:\
folder
12:36:22

07/05/20
21 Task Run rundll32.exe C:\Windows\system32\rundll32.exe Proxy, \Microsoft\Windows\Autochk\Proxy exe
12:26:28

07/05/20
Open file or
21 Desktop C:\Users\Administrador\Desktop
folder
12:19:57

07/05/20 2.2.0 20200918


Open file or C:\Users\Administrador\Downloads\2.2.0
21 Zerologon zip
folder 20200918 Zerologon encrypted.zip
12:19:45 encrypted.zip
07/05/20
C:\Program Files GoogleUpdateTaskMachineCore,
21 Task Run GoogleUpdate.exe exe
(x86)\Google\Update\GoogleUpdate.exe \GoogleUpdateTaskMachineCore
12:18:53

07/05/20 C:\Program
Software
21 chrome.exe Files\Google\Chrome\Application\chrome.ex Google Chrome exe
Installation
12:14:44 e

07/05/20 Installation,
LanguageCompone C:\Windows\System32\LanguageComponent
21 Task Run \Microsoft\Windows\LanguageComponentsInstaller\Installatio dll
ntsInstaller.dll sInstaller.dll
12:02:01 n

07/05/20
Scheduled Start,
21 Task Run sc.exe C:\Windows\system32\sc.exe exe
\Microsoft\Windows\WindowsUpdate\Scheduled Start
12:00:58

07/05/20
Consolidator, \Microsoft\Windows\Customer Experience
21 Task Run wsqmcons.exe C:\Windows\System32\wsqmcons.exe exe
Improvement Program\Consolidator
12:00:05

07/05/20
XblGameSaveTask. XblGameSaveTaskLogon,
21 Task Run C:\Windows\System32\XblGameSaveTask.exe exe
exe \Microsoft\XblGameSave\XblGameSaveTaskLogon
11:56:28

07/05/20
SilentCleanup,
21 Task Run cleanmgr.exe C:\Windows\system32\cleanmgr.exe exe
\Microsoft\Windows\DiskCleanup\SilentCleanup
11:56:28

07/05/20
XblGameSaveTask. XblGameSaveTask,
21 Task Run C:\Windows\System32\XblGameSaveTask.exe exe
exe \Microsoft\XblGameSave\XblGameSaveTask
11:56:28
07/05/20
Schedule Scan,
21 Task Run usoclient.exe C:\Windows\system32\usoclient.exe exe
\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
11:55:28

07/05/20
QueueReporting, \Microsoft\Windows\Windows Error
21 Task Run wermgr.exe C:\Windows\system32\wermgr.exe exe
Reporting\QueueReporting
11:49:27

07/05/20
Configuration, \Microsoft\Windows\Software Inventory
21 Task Run cmd.exe C:\Windows\system32\cmd.exe exe
Logging\Configuration
11:47:27

07/05/20
21 Task Run wininet.dll C:\Windows\system32\wininet.dll CacheTask, \Microsoft\Windows\Wininet\CacheTask dll
11:47:00

07/05/20
MsCtfMonitor,
21 Task Run MsCtfMonitor.dll C:\Windows\system32\MsCtfMonitor.dll dll
\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
11:47:00

07/05/20
ServerManagerLau C:\Windows\system32\ServerManagerLaunc ServerManager, \Microsoft\Windows\Server
21 Task Run exe
ncher.exe her.exe Manager\ServerManager
11:47:00

07/05/20
UserTask,
21 Task Run dimsjob.dll C:\Windows\system32\dimsjob.dll dll
\Microsoft\Windows\CertificateServicesClient\UserTask
11:47:00

07/05/20
21 User Logon WORKGROUP\Administrador
11:46:59
07/05/20
SystemTask,
21 Task Run dimsjob.dll C:\Windows\system32\dimsjob.dll dll
\Microsoft\Windows\CertificateServicesClient\SystemTask
11:46:38

07/05/20
Tpm-Maintenance, \Microsoft\Windows\TPM\Tpm-
21 Task Run TpmTasks.dll C:\Windows\system32\TpmTasks.dll dll
Maintenance
11:46:26

07/05/20
21 System Started
11:46:26

07/05/20
21 Task Run CheckStatus.bat" "C:\Program Files\Npcap\CheckStatus.bat" npcapwatchdog, \npcapwatchdog bat"
11:46:26

07/05/20
21 Task Run devicecensus.exe C:\Windows\system32\devicecensus.exe Device, \Microsoft\Windows\Device Information\Device exe
11:46:26

07/05/20
21 User Logon WORKGROUP\DWM-1
11:46:25

07/05/20
System
21
Shutdown
11:42:32

07/05/20
21 User Logoff WIN-SF01JTM2DHI\Administrador
11:42:31
07/05/20
21 User Logon WORKGROUP\Administrador
11:23:47

07/05/20
21 System Started
11:23:10

07/05/20
21 User Logon WORKGROUP\DWM-1
11:23:09

07/05/20
System
21
Shutdown
11:21:22

07/05/20
21 User Logoff WIN-SF01JTM2DHI\Administrador
11:21:22

07/05/20
21 User Logon WORKGROUP\Administrador
11:14:00

07/05/20
21 System Started
11:13:32

07/05/20
21 User Logon WORKGROUP\DWM-1
11:13:31
07/05/20
System
21
Shutdown
11:13:19

07/05/20
21 User Logoff WIN-SF01JTM2DHI\Administrador
11:13:19

07/05/20
SmartScreenSpecific,
21 Task Run apprepsync.dll C:\Windows\system32\apprepsync.dll dll
\Microsoft\Windows\AppID\SmartScreenSpecific
11:10:57

07/05/20
21 User Logon WORKGROUP\Administrador
10:29:56

07/05/20
21 System Started
10:29:28

07/05/20
21 User Logon WORKGROUP\DWM-1
10:29:27

07/05/20
System
21
Shutdown
10:29:19

07/05/20
21 User Logoff WIN-SF01JTM2DHI\Administrador
10:29:18
07/05/20
Refresh Settings,
21 Task Run usoclient.exe C:\Windows\system32\usoclient.exe exe
\Microsoft\Windows\UpdateOrchestrator\Refresh Settings
10:25:54

07/05/20
21 Task Run sihclient.exe C:\Windows\System32\sihclient.exe sih, \Microsoft\Windows\WindowsUpdate\sih exe
10:24:39

07/05/20
21 User Logon WORKGROUP\Administrador
10:00:24

07/05/20
21 System Started
9:59:45

07/05/20
21 User Logon WORKGROUP\DWM-1
9:59:43

07/05/20
System
21
Shutdown
9:26:27

07/05/20
21 User Logoff WIN-SF01JTM2DHI\Administrador
9:26:11

07/05/20
NetworkStateChangeTask,
21 Task Run SettingSyncCore.dll C:\Windows\system32\SettingSyncCore.dll dll
\Microsoft\Windows\SettingSync\NetworkStateChangeTask
9:20:44
07/05/20
SpeechModelDow C:\Windows\system32\speech_onecore\com SpeechModelDownloadTask,
21 Task Run exe
nload.exe mon\SpeechModelDownload.exe \Microsoft\Windows\Speech\SpeechModelDownloadTask
9:20:43

07/05/20
SetupCleanupTask. C:\Windows\system32\oobe\SetupCleanupTa SetupCleanupTask,
21 Task Run dll
dll sk.dll \Microsoft\Windows\Setup\SetupCleanupTask
9:20:42

07/05/20 Pre-staged app cleanup,


21 Task Run rundll32.exe C:\Windows\system32\rundll32.exe \Microsoft\Windows\AppxDeploymentClient\Pre-staged app exe
9:20:42 cleanup

07/05/20
AppHostRegistratio C:\Windows\system32\AppHostRegistrationV appuriverifierdaily,
21 Task Run exe
nVerifier.exe erifier.exe \Microsoft\Windows\ApplicationData\appuriverifierdaily
9:20:42

07/05/20 Microsoft Compatibility Appraiser,


compattelrunner.e
21 Task Run C:\Windows\system32\compattelrunner.exe \Microsoft\Windows\Application Experience\Microsoft exe
xe
9:20:42 Compatibility Appraiser

06/05/20
21 User Logon WORKGROUP\Administrador
17:32:17

06/05/20
21 User Logon WORKGROUP\DWM-1
17:31:47

06/05/20
21 System Started
17:31:47
06/05/20
System
21
Shutdown
17:31:38

06/05/20
21 User Logoff WIN-SF01JTM2DHI\Administrador
17:31:37

06/05/20
View Folder in CarpetaCompartid
21 \\VBOXSVR\CarpetaCompartida
Explorer a
17:31:36

06/05/20
Software
21 Wireshark.exe C:\Program Files\Wireshark\Wireshark.exe Wireshark 3.4.5 64-bit exe
Installation
17:31:28

06/05/20
Software
21 uninstall.exe C:\Program Files\Npcap\uninstall.exe Npcap exe
Installation
17:30:39

06/05/20 C:\ProgramData\Package Cache\{53f1dc9d-


Software Microsoft Visual C++ 2015-2019 Redistributable (x64) -
21 VC_redist.x64.exe ed94-4650-a079- exe
Installation 14.28.29910
17:30:11 129785ce7905}\VC_redist.x64.exe

06/05/20
Windows
21
Installer Ended
17:30:11

06/05/20
Windows
21
Installer Started
17:30:08
06/05/20
Windows
21
Installer Ended
17:30:08

06/05/20
Windows
21
Installer Started
17:30:08

06/05/20
Open file or
21 activity.txt C:\Users\Administrador\Desktop\activity.txt txt
folder
17:24:40

06/05/20 .NET Framework NGEN v4.0.30319 Critical,


21 Task Run mscoree.dll C:\Windows\System32\mscoree.dll \Microsoft\Windows\.NET Framework\.NET Framework NGEN dll
16:46:36 v4.0.30319 Critical

06/05/20 .NET Framework NGEN v4.0.30319 64 Critical,


21 Task Run mscoree.dll C:\Windows\System32\mscoree.dll \Microsoft\Windows\.NET Framework\.NET Framework NGEN dll
16:46:36 v4.0.30319 64 Critical

06/05/20 SvcRestartTaskNetwork,
21 Task Run sppcext.dll C:\Windows\System32\sppcext.dll \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartT dll
16:35:50 askNetwork

06/05/20 SvcRestartTaskLogon,
21 Task Run sppcext.dll C:\Windows\System32\sppcext.dll \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartT dll
16:30:56 askLogon

06/05/20
21 User Logon WORKGROUP\Administrador
16:30:54
06/05/20
21 System Started
16:30:02

06/05/20
21 User Logon WORKGROUP\DWM-1
16:30:00

06/05/20
21 User Logon WORKGROUP\Administrador
16:21:42

06/05/20
21 System Started
16:20:54

06/05/20
21 User Logon WORKGROUP\DWM-1
16:20:53

06/05/20
System
21
Shutdown
16:20:37

06/05/20
21 User Logoff WIN-SF01JTM2DHI\Administrador
16:20:36

06/05/20
View Folder in
21 D:\
Explorer
16:19:40
06/05/20
ForceSynchronizeTime, \Microsoft\Windows\Time
21 Task Run TimeSyncTask.dll C:\Windows\system32\TimeSyncTask.dll dll
Synchronization\ForceSynchronizeTime
16:19:20

06/05/20
Calibration Loader,
21 Task Run mscms.dll C:\Windows\System32\mscms.dll dll
\Microsoft\Windows\WindowsColorSystem\Calibration Loader
16:18:43

06/05/20
21 User Logon WORKGROUP\Administrador
16:18:41

06/05/20
21 System Started
16:17:01

06/05/20
21 User Logon WORKGROUP\DWM-1
16:16:54

06/05/20
System
21
Shutdown
16:16:42

06/05/20
21 System Started
16:15:46

06/05/20
Software
21 IE40
Installation
16:15:45
06/05/20
Software
21 SchedulingAgent
Installation
16:15:45

06/05/20
Software
21 Fontcore
Installation
16:15:45

06/05/20
Software
21 WIC
Installation
16:15:45

06/05/20
Software
21 IE4Data
Installation
16:15:45

06/05/20
Software
21 DirectDrawEx
Installation
16:15:45

06/05/20
Software
21 MobileOptionPack
Installation
16:15:45

06/05/20
Software
21 IEData
Installation
16:15:45

06/05/20
Software
21 Connection Manager
Installation
16:15:45
06/05/20
Software
21 AddressBook
Installation
16:15:45

06/05/20
Software
21 MPlayer2
Installation
16:15:45

06/05/20
Software
21 DXM_Runtime
Installation
16:15:45

06/05/20
Software
21 IE5BAKEX
Installation
16:15:45

06/05/20
21 User Logon \DWM-1
16:15:34

You might also like