i was hoping others could take a look at the following the piqued my curiosity;
Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.17763.316
HostId=7861b665-9337-4805-b849-a5091c50c594
HostApplication=C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe Set-MpPreference -
DisableBehaviorMonitoring $true ; Set-MpPreference -MAPSReporting 0 ; Set-MpPreference -ExclusionProcess
rundll32.exe ; Set-MpPreference -ExclusionExtension dll
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=
now, I have a lot of events popping up similar to this (over 200 entries going back to february) for power shell in event viewer with provider name alias popping up and junk. host application here looked suspect to me though.
also, while following one of the folder paths i found a profile for the internet i didn't make with a file extension that was for encoded files.. once I took that files permissions away I just tried to run a speedtest for the internet and it showed me connected to vps servers in hayward, CA which is the correct state but i am in sacramento 2 or 3 hours away from that city..
Thoughts??
Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.17763.316
HostId=7861b665-9337-4805-b849-a5091c50c594
HostApplication=C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe Set-MpPreference -
DisableBehaviorMonitoring $true ; Set-MpPreference -MAPSReporting 0 ; Set-MpPreference -ExclusionProcess
rundll32.exe ; Set-MpPreference -ExclusionExtension dll
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=
now, I have a lot of events popping up similar to this (over 200 entries going back to february) for power shell in event viewer with provider name alias popping up and junk. host application here looked suspect to me though.
also, while following one of the folder paths i found a profile for the internet i didn't make with a file extension that was for encoded files.. once I took that files permissions away I just tried to run a speedtest for the internet and it showed me connected to vps servers in hayward, CA which is the correct state but i am in sacramento 2 or 3 hours away from that city..
Thoughts??
Last edited:
Facebook
Twitter
Instagram