{ "event_id": "552a0a70-12ac-11eb-a025-0242ac110025", "event_type": "network_connection", "time_created": "1970-01-01T00:00:14.577Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "17452", "direction": "in", "connection_volume_in": 51, "connection_volume_out": 131, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "552a451c-12ac-11eb-a025-0242ac110025", "event_type": "network_connection", "time_created": "1970-01-01T00:00:14.624Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "17452", "direction": "in", "connection_volume_in": 512, "connection_volume_out": 361, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9ef9891e-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:00:44.577Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "19634", "direction": "in", "connection_volume_in": 51, "connection_volume_out": 131, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efc1918-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:00:44.670Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 826, "execution_thread_id": 4812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "19634", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8cb1", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:00:44.670Z", "last_event_time": "1970-01-01T00:00:44.670Z" } } { "event_id": "9ef9aad4-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:00:45.045Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "19634", "direction": "in", "connection_volume_in": 875, "connection_volume_out": 728, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efc6bac-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:21.717Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 828, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "43809", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "WORKGROUP", "ed_targetlogonid": "0x12e8eb6", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "ed_workstationname": "KALI", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:21.717Z", "last_event_time": "1970-01-01T00:01:21.717Z" } } { "event_id": "9efad256-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:21.905Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "43809", "direction": "in", "connection_volume_in": 818, "connection_volume_out": 700, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efcb602-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:22.155Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 830, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "65438", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8ec5", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:22.155Z", "last_event_time": "1970-01-01T00:01:22.155Z" } } { "event_id": "9efab370-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:22.249Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "65438", "direction": "in", "connection_volume_in": 924, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efcff68-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:22.452Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 832, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "28041", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "WORKGROUP", "ed_targetlogonid": "0x12e8ed6", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "ed_workstationname": "KALI", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:22.452Z", "last_event_time": "1970-01-01T00:01:22.452Z" } } { "event_id": "9efa92be-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:22.686Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "28041", "direction": "in", "connection_volume_in": 818, "connection_volume_out": 700, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efd48b0-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:23.030Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 834, "execution_thread_id": 4812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "6652", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8ef6", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:23.030Z", "last_event_time": "1970-01-01T00:01:23.030Z" } } { "event_id": "9efa72e8-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:23.139Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "6652", "direction": "in", "connection_volume_in": 924, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efd90a4-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:23.436Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 836, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "25283", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8f04", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:23.436Z", "last_event_time": "1970-01-01T00:01:23.436Z" } } { "event_id": "9efa522c-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:23.670Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "25283", "direction": "in", "connection_volume_in": 920, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efdd82a-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:23.999Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 838, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "44809", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8f3e", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:23.999Z", "last_event_time": "1970-01-01T00:01:23.999Z" } } { "event_id": "9efa36b6-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:24.186Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "44809", "direction": "in", "connection_volume_in": 920, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efe21f4-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:24.405Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 840, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "4992", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "WORKGROUP", "ed_targetlogonid": "0x12e8f4b", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "ed_workstationname": "KALI", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:24.405Z", "last_event_time": "1970-01-01T00:01:24.405Z" } } { "event_id": "9efa1b86-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:24.514Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "4992", "direction": "in", "connection_volume_in": 746, "connection_volume_out": 628, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efbf28a-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:24.639Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "4992", "direction": "in", "connection_volume_in": 208, "connection_volume_out": 149, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efe6c4a-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:25.514Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 842, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "18117", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8f67", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:25.514Z", "last_event_time": "1970-01-01T00:01:25.514Z" } } { "event_id": "9efbd390-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:25.624Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "18117", "direction": "in", "connection_volume_in": 758, "connection_volume_out": 879, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efeb452-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:25.967Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 844, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "33479", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8f74", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:25.967Z", "last_event_time": "1970-01-01T00:01:25.967Z" } } { "event_id": "9efbb554-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:26.139Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "33479", "direction": "in", "connection_volume_in": 920, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9efefcaa-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:26.467Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 846, "execution_thread_id": 4812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "48495", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8f83", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:26.467Z", "last_event_time": "1970-01-01T00:01:26.467Z" } } { "event_id": "9efb95b0-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:26.545Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "48495", "direction": "in", "connection_volume_in": 920, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9eff4408-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:26.842Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 848, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "59521", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8fa5", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:26.842Z", "last_event_time": "1970-01-01T00:01:26.842Z" } } { "event_id": "9efb7576-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:27.030Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "59521", "direction": "in", "connection_volume_in": 920, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9eff8ef4-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:27.342Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 850, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "33889", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8fb4", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:27.342Z", "last_event_time": "1970-01-01T00:01:27.342Z" } } { "event_id": "9efb567c-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:27.452Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "33889", "direction": "in", "connection_volume_in": 920, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9effe160-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:27.639Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 852, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "2160", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8fc1", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:27.639Z", "last_event_time": "1970-01-01T00:01:27.639Z" } } { "event_id": "9efb3584-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:27.874Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "2160", "direction": "in", "connection_volume_in": 924, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9f0033b8-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:28.155Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 854, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "61721", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8fce", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:28.155Z", "last_event_time": "1970-01-01T00:01:28.155Z" } } { "event_id": "9efb1414-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:28.264Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "61721", "direction": "in", "connection_volume_in": 924, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "9f008520-12ac-11eb-b1cd-0242ac11002f", "event_type": "windows_event", "time_created": "1970-01-01T00:01:28.561Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 856, "execution_thread_id": 4812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "41676", "ed_keylength": "128", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12e8fdb", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:01:28.561Z", "last_event_time": "1970-01-01T00:01:28.561Z" } } { "event_id": "9efaf1f0-12ac-11eb-b1cd-0242ac11002f", "event_type": "network_connection", "time_created": "1970-01-01T00:01:28.702Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "41676", "direction": "in", "connection_volume_in": 928, "connection_volume_out": 777, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "367cc652-12ad-11eb-8268-0242ac110019", "event_type": "windows_event", "time_created": "1970-01-01T00:05:39.608Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 858, "execution_thread_id": 4812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "56566", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ea471", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:05:39.608Z", "last_event_time": "1970-01-01T00:05:39.608Z" } } { "event_id": "367c37be-12ad-11eb-8268-0242ac110019", "event_type": "network_connection", "time_created": "1970-01-01T00:05:40.202Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "56566", "direction": "in", "connection_volume_in": 2082, "connection_volume_out": 1327, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "199da7d0-12ae-11eb-abb6-0242ac11001a", "event_type": "network_connection", "time_created": "1970-01-01T00:09:10.811Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "52339", "direction": "in", "connection_volume_in": 740, "connection_volume_out": 613, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "199de79a-12ae-11eb-abb6-0242ac11001a", "event_type": "network_connection", "time_created": "1970-01-01T00:10:04.186Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "9879", "direction": "in", "connection_volume_in": 740, "connection_volume_out": 613, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "199e46ea-12ae-11eb-abb6-0242ac11001a", "event_type": "windows_event", "time_created": "1970-01-01T00:11:23.014Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 860, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "1131", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ebc7d", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:11:23.014Z", "last_event_time": "1970-01-01T00:11:23.014Z" } } { "event_id": "199e1198-12ae-11eb-abb6-0242ac11001a", "event_type": "network_connection", "time_created": "1970-01-01T00:11:23.077Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "1131", "direction": "in", "connection_volume_in": 511, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "4515c8ca-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:11:44.499Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 862, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "14220", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ebe7d", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:11:44.499Z", "last_event_time": "1970-01-01T00:11:44.499Z" } } { "event_id": "4512d91c-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:11:44.545Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "14220", "direction": "in", "connection_volume_in": 509, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "45163eea-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:11:53.655Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 864, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "48056", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ebf4e", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:11:53.655Z", "last_event_time": "1970-01-01T00:11:53.655Z" } } { "event_id": "45132980-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:11:53.702Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "48056", "direction": "in", "connection_volume_in": 507, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "4516d77e-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:12:02.467Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 866, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "38433", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ebfab", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:12:02.467Z", "last_event_time": "1970-01-01T00:12:02.467Z" } } { "event_id": "45137156-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:12:02.514Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "38433", "direction": "in", "connection_volume_in": 510, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "451737be-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:12:13.905Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 868, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "59012", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec18f", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:12:13.905Z", "last_event_time": "1970-01-01T00:12:13.905Z" } } { "event_id": "4513baf8-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:12:13.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "59012", "direction": "in", "connection_volume_in": 508, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "4517a0a0-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:12:23.108Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 870, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "65078", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec28e", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:12:23.108Z", "last_event_time": "1970-01-01T00:12:23.108Z" } } { "event_id": "45140364-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:12:23.155Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "65078", "direction": "in", "connection_volume_in": 518, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "45180446-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:12:31.608Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 872, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "10528", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec2eb", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:12:31.608Z", "last_event_time": "1970-01-01T00:12:31.608Z" } } { "event_id": "45144d10-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:12:31.670Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "10528", "direction": "in", "connection_volume_in": 518, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "4518647c-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:12:42.139Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 874, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "46303", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec3f5", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:12:42.139Z", "last_event_time": "1970-01-01T00:12:42.139Z" } } { "event_id": "45149356-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:12:42.186Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "46303", "direction": "in", "connection_volume_in": 511, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "4518c84a-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:12:46.108Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 876, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "54538", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec421", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:12:46.108Z", "last_event_time": "1970-01-01T00:12:46.108Z" } } { "event_id": "4514c376-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:12:46.202Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "54538", "direction": "in", "connection_volume_in": 511, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "45192b14-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:12:52.077Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 878, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "29136", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec44d", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:12:52.077Z", "last_event_time": "1970-01-01T00:12:52.077Z" } } { "event_id": "4514eacc-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:12:52.124Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "29136", "direction": "in", "connection_volume_in": 515, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "45199e64-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:12:59.077Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 880, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "8461", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec47e", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:12:59.077Z", "last_event_time": "1970-01-01T00:12:59.077Z" } } { "event_id": "451538f6-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:12:59.139Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "8461", "direction": "in", "connection_volume_in": 509, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "451a1ba0-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:13:03.374Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 882, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "8928", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec49e", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:13:03.374Z", "last_event_time": "1970-01-01T00:13:03.374Z" } } { "event_id": "451511a0-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:13:03.420Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "8928", "direction": "in", "connection_volume_in": 508, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "451aa598-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:13:09.749Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 884, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "26218", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec5bc", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:13:09.749Z", "last_event_time": "1970-01-01T00:13:09.749Z" } } { "event_id": "45155eda-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:13:09.795Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "26218", "direction": "in", "connection_volume_in": 518, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "451b291e-12ae-11eb-b08b-0242ac110015", "event_type": "windows_event", "time_created": "1970-01-01T00:13:21.014Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 886, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "45141", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec632", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:13:21.014Z", "last_event_time": "1970-01-01T00:13:21.014Z" } } { "event_id": "45159238-12ae-11eb-b08b-0242ac110015", "event_type": "network_connection", "time_created": "1970-01-01T00:13:21.061Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "45141", "direction": "in", "connection_volume_in": 509, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02aea28a-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:13:27.436Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 888, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "28474", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec685", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:13:27.436Z", "last_event_time": "1970-01-01T00:13:27.436Z" } } { "event_id": "02ac37b6-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:13:27.499Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "28474", "direction": "in", "connection_volume_in": 511, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02aeed1c-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:13:35.186Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 890, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "39880", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec7a2", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:13:35.186Z", "last_event_time": "1970-01-01T00:13:35.186Z" } } { "event_id": "02ac610a-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:13:35.249Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "39880", "direction": "in", "connection_volume_in": 520, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02af37ea-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:13:40.170Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 892, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "31133", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ec81a", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:13:40.170Z", "last_event_time": "1970-01-01T00:13:40.170Z" } } { "event_id": "02ac809a-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:13:40.233Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "31133", "direction": "in", "connection_volume_in": 509, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02af874a-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:13:57.420Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 894, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "37636", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12eca2b", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:13:57.420Z", "last_event_time": "1970-01-01T00:13:57.420Z" } } { "event_id": "02ac9f26-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:13:57.483Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "37636", "direction": "in", "connection_volume_in": 532, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02afdaba-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:14:03.108Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 896, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "1866", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12eca4d", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:14:03.108Z", "last_event_time": "1970-01-01T00:14:03.108Z" } } { "event_id": "02acbe16-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:14:03.170Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "1866", "direction": "in", "connection_volume_in": 509, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02b02d30-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:14:08.702Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 898, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "53446", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ecb5b", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:14:08.702Z", "last_event_time": "1970-01-01T00:14:08.702Z" } } { "event_id": "02acdb08-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:14:08.764Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "53446", "direction": "in", "connection_volume_in": 509, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02b08122-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:14:13.655Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 900, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "31775", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ecb7b", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:14:13.655Z", "last_event_time": "1970-01-01T00:14:13.655Z" } } { "event_id": "02acfa34-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:14:13.717Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "31775", "direction": "in", "connection_volume_in": 509, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02b0cbe6-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:14:19.342Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 902, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "25525", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ecbe1", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:14:19.342Z", "last_event_time": "1970-01-01T00:14:19.342Z" } } { "event_id": "02ad1e7e-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:14:19.405Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "25525", "direction": "in", "connection_volume_in": 509, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02b1198e-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:14:25.311Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 904, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "53253", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ecc11", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:14:25.311Z", "last_event_time": "1970-01-01T00:14:25.311Z" } } { "event_id": "02ad498a-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:14:25.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "53253", "direction": "in", "connection_volume_in": 514, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02b16dbc-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:14:32.592Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 906, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "8424", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ecc3a", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:14:32.592Z", "last_event_time": "1970-01-01T00:14:32.592Z" } } { "event_id": "02ad66fe-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:14:32.655Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "8424", "direction": "in", "connection_volume_in": 509, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02b1ce38-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:14:45.967Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 908, "execution_thread_id": 1812, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "3816", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ecd7d", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:14:45.967Z", "last_event_time": "1970-01-01T00:14:45.967Z" } } { "event_id": "02ad8526-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:14:46.030Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "3816", "direction": "in", "connection_volume_in": 541, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "02b22270-12af-11eb-824d-0242ac110036", "event_type": "windows_event", "time_created": "1970-01-01T00:14:54.202Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\lsass.exe", "cmdl": "C:\\Windows\\system32\\lsass.exe", "sha1": "f34bbe523cf4b187b2c27da2bcd267412301745d", "gpid": "p:cc60642910b935506e68e5c31f4a0550", "onam": "lsass.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 488, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "lsass.exe" }, "event_id": 4624, "event_provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", "sys_version": 0, "task_category": 12544, "level": 0, "opcode": 0, "recode_id": 910, "execution_thread_id": 524, "ed_process_details": { "fnam": "[System Process]", "cmdl": "", "gpid": "p:c44ed5d6c1cf4d7a2a93c9bba9a9f891", "user": "", "err": "invalid process", "pchain": [], "pid": 0, "exst": true, "elev": false, "path": ".", "name": "[System Process]" }, "ed_authenticationpackagename": "NTLM", "ed_ipaddress": "240.0.0.2", "ed_ipport": "10905", "ed_keylength": "0", "ed_lmpackagename": "NTLM V1", "ed_logonguid": "{00000000-0000-0000-0000-000000000000}", "ed_logonprocessname": "NtLmSsp ", "ed_logontype": "3", "ed_subjectlogonid": "0x0", "ed_subjectusersid": "S-1-0-0", "ed_targetdomainname": "NT AUTHORITY", "ed_targetlogonid": "0x12ecdb9", "ed_targetusername": "ANONYMOUS LOGON", "ed_targetusersid": "S-1-5-7", "sys_channel": "Security", "sys_computer": "sappan-PC", "sys_keywords": "0x8020000000000000", "sys_provider_name": "Microsoft-Windows-Security-Auditing", "number_of_events": 1, "first_event_time": "1970-01-01T00:14:54.202Z", "last_event_time": "1970-01-01T00:14:54.202Z" } } { "event_id": "02ada2b8-12af-11eb-824d-0242ac110036", "event_type": "network_connection", "time_created": "1970-01-01T00:14:54.249Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "10905", "direction": "in", "connection_volume_in": 515, "connection_volume_out": 664, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "bcec9e5e-12af-11eb-8c9a-0242ac110008", "event_type": "wmi_event_tracing", "time_created": "1970-01-01T00:18:09.169Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\svchost.exe", "cmdl": "C:\\Windows\\system32\\svchost.exe -k netsvcs", "sha1": "619652b42afe5fb0e3719d7aeda7a5494ab193e8", "gpid": "p:d4679941c08c74b129ebd87b72e9ade2", "onam": "svchost.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:f59b05a7ea566b6c476e4efdb11bb737", "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 844, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "svchost.exe" }, "event_id": 1, "event_provider_guid": "{1418ef04-b0b4-4623-bf7e-d74ab47bbdaa}", "sys_version": 0, "task_category": 0, "level": 4, "opcode": 0, "execution_thread_id": 1456, "client_process_details": { "fnam": "%systemroot%\\explorer.exe", "cmdl": "C:\\Windows\\Explorer.EXE", "sha1": "4583daf9442880204730fb2c8a060430640494b1", "gpid": "p:4de16368aee069ea92684386ba260979", "onam": "EXPLORER.EXE", "user": "sappan-PC\\sappan", "guserid": "u:3e4e391f80b733fec953da4ea5644247", "pchain": [], "pid": 2156, "exst": true, "elev": false, "path": "%systemroot%", "name": "explorer.exe", "orsp": { "fso_r": 0, "p_r": 80 } }, "ed_clientmachine": "SAPPAN-PC", "ed_groupoperationid": "4451", "ed_namespacename": "\\\\.\\root\\cimv2", "ed_operation": "Start IWbemServices::ExecQuery - select MaxClockSpeed from Win32_Processor", "ed_operationid": "4452", "ed_user": "sappan-PC\\sappan", "sys_provider_name": "Microsoft-Windows-WMI-Activity" } } { "event_id": "02adc914-12af-11eb-824d-0242ac110036", "event_type": "new_process", "time_created": "1970-01-01T00:18:10.670Z", "event_data": { "new_process_details": { "fnam": "%systemroot%\\System32\\control.exe", "cmdl": "\"C:\\Windows\\System32\\control.exe\" SYSTEM", "sha1": "dbf52360df5bdb85b3db5e1940901d68a7df036a", "gpid": "p:6a85ed516b180a0822d32511fc35e327", "onam": "CONTROL.EXE", "user": "sappan-PC\\sappan", "guserid": "u:3e4e391f80b733fec953da4ea5644247", "pchain": [ "p:4de16368aee069ea92684386ba260979" ], "pid": 2360, "exst": false, "elev": false, "path": "%systemroot%\\System32", "name": "control.exe" }, "parent_process_details": { "fnam": "%systemroot%\\explorer.exe", "cmdl": "C:\\Windows\\Explorer.EXE", "sha1": "4583daf9442880204730fb2c8a060430640494b1", "gpid": "p:4de16368aee069ea92684386ba260979", "onam": "EXPLORER.EXE", "user": "sappan-PC\\sappan", "guserid": "u:3e4e391f80b733fec953da4ea5644247", "pchain": [], "pid": 2156, "exst": true, "elev": false, "path": "%systemroot%", "name": "explorer.exe" } } } { "event_id": "02ae6c52-12af-11eb-824d-0242ac110036", "event_type": "open_process", "time_created": "1970-01-01T00:18:10.686Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\svchost.exe", "cmdl": "C:\\Windows\\system32\\svchost.exe -k netsvcs", "sha1": "619652b42afe5fb0e3719d7aeda7a5494ab193e8", "gpid": "p:d4679941c08c74b129ebd87b72e9ade2", "onam": "svchost.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:f59b05a7ea566b6c476e4efdb11bb737", "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 844, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "svchost.exe" }, "target_process_details": { "fnam": "%systemroot%\\System32\\control.exe", "cmdl": "\"C:\\Windows\\System32\\control.exe\" SYSTEM", "sha1": "dbf52360df5bdb85b3db5e1940901d68a7df036a", "gpid": "p:6a85ed516b180a0822d32511fc35e327", "onam": "CONTROL.EXE", "user": "sappan-PC\\sappan", "guserid": "u:3e4e391f80b733fec953da4ea5644247", "pchain": [ "p:4de16368aee069ea92684386ba260979" ], "pid": 2360, "exst": false, "elev": false, "path": "%systemroot%\\System32", "name": "control.exe" }, "desired_access": 5240, "type": "process" } } { "event_id": "02ae869c-12af-11eb-824d-0242ac110036", "event_type": "open_process", "time_created": "1970-01-01T00:18:10.686Z", "event_data": { "process_details": { "fnam": "%systemroot%\\System32\\svchost.exe", "cmdl": "C:\\Windows\\System32\\svchost.exe -k secsvcs", "sha1": "619652b42afe5fb0e3719d7aeda7a5494ab193e8", "gpid": "p:e2dcf7ee7b7b6a08d951c69cc2a9b678", "onam": "svchost.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:f59b05a7ea566b6c476e4efdb11bb737", "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 2868, "exst": false, "elev": true, "path": "%systemroot%\\System32", "name": "svchost.exe" }, "target_process_details": { "fnam": "%systemroot%\\System32\\control.exe", "cmdl": "\"C:\\Windows\\System32\\control.exe\" SYSTEM", "sha1": "dbf52360df5bdb85b3db5e1940901d68a7df036a", "gpid": "p:6a85ed516b180a0822d32511fc35e327", "onam": "CONTROL.EXE", "user": "sappan-PC\\sappan", "guserid": "u:3e4e391f80b733fec953da4ea5644247", "pchain": [ "p:4de16368aee069ea92684386ba260979" ], "pid": 2360, "exst": false, "elev": false, "path": "%systemroot%\\System32", "name": "control.exe" }, "desired_access": 5144, "type": "process" } } { "event_id": "02ae019a-12af-11eb-824d-0242ac110036", "event_type": "new_process", "time_created": "1970-01-01T00:18:11.155Z", "event_data": { "new_process_details": { "fnam": "%systemroot%\\System32\\wbem\\WmiPrvSE.exe", "cmdl": "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding", "sha1": "9f5a4796b58d8b104a1c0f5a63daf0032b947966", "gpid": "p:213d42c4061282ec253bba7436f03918", "onam": "Wmiprvse.exe", "user": "NT AUTHORITY\\NETWORK SERVICE", "guserid": "u:fa28c0d75f7bfce8c7ae02614bcd320d", "pchain": [ "p:206a4bb41007068fe8fb149c46716430", "p:f59b05a7ea566b6c476e4efdb11bb737", "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 4636, "exst": false, "elev": true, "path": "%systemroot%\\System32\\wbem", "name": "WmiPrvSE.exe" }, "parent_process_details": { "fnam": "%systemroot%\\System32\\svchost.exe", "cmdl": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch", "sha1": "619652b42afe5fb0e3719d7aeda7a5494ab193e8", "gpid": "p:206a4bb41007068fe8fb149c46716430", "onam": "svchost.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:f59b05a7ea566b6c476e4efdb11bb737", "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 596, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "svchost.exe" } } } { "event_id": "02ae33ea-12af-11eb-824d-0242ac110036", "event_type": "new_process", "time_created": "1970-01-01T00:18:11.358Z", "event_data": { "new_process_details": { "fnam": "%systemroot%\\System32\\sppsvc.exe", "cmdl": "C:\\Windows\\system32\\sppsvc.exe", "sha1": "c5b437f3965c01936046f9bf7c853f8e363c12ad", "gpid": "p:6599d1c85176c32eb2c135d861f9b9a6", "onam": "sppsvc.exe", "user": "NT AUTHORITY\\NETWORK SERVICE", "guserid": "u:fa28c0d75f7bfce8c7ae02614bcd320d", "pchain": [ "p:f59b05a7ea566b6c476e4efdb11bb737", "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 4176, "exst": false, "elev": true, "path": "%systemroot%\\System32", "name": "sppsvc.exe" }, "parent_process_details": { "fnam": "%systemroot%\\System32\\services.exe", "cmdl": "C:\\Windows\\system32\\services.exe", "sha1": "a5b16a7d28d2ba79a9ccfc16ed480ad75a757166", "gpid": "p:f59b05a7ea566b6c476e4efdb11bb737", "onam": "services.exe", "user": "NT AUTHORITY\\SYSTEM", "guserid": "u:13c7a4931573fa7d344c90f6482039d2", "pchain": [ "p:36dc1a1d70d94332468d8a79d550278b" ], "pid": 480, "exst": true, "elev": true, "path": "%systemroot%\\System32", "name": "services.exe" } } } { "event_id": "f507bd78-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:23:51.295Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "13612", "direction": "in", "connection_volume_in": 948, "connection_volume_out": 710, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50781fa-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:23:51.749Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "48219", "direction": "in", "connection_volume_in": 63643, "connection_volume_out": 349, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50bd692-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:01.670Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "19577", "direction": "in", "connection_volume_in": 136, "connection_volume_out": 328, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f509302c-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.092Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "26465", "direction": "in", "connection_volume_in": 136, "connection_volume_out": 252, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50c0b94-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.327Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "48219", "direction": "in", "connection_volume_in": 4206, "connection_volume_out": 145, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50acda6-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.374Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "2786", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50b01ea-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.374Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "36738", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50b37be-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.374Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "63028", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50b6be4-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.374Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "38999", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f507f37e-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "48410", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50828ee-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "60586", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f5085d8c-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "41676", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f5089266-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "14428", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f508c7cc-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "43692", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f508fc06-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "3379", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f5096556-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "15895", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f5099ab2-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "56228", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f509c99c-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "16396", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f509faf2-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "60960", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50a2fa4-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "57722", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50a637a-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "5777", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50a9908-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "3835", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50ba0f0-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:02.389Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "53305", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "f50c426c-12af-11eb-b9ff-0242ac110014", "event_type": "network_connection", "time_created": "1970-01-01T00:24:39.124Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "36091", "direction": "in", "connection_volume_in": 264, "connection_volume_out": 310, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5d499c-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:39.342Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "36091", "direction": "in", "connection_volume_in": 63379, "connection_volume_out": 39, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c62d2cc-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:49.311Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "15346", "direction": "in", "connection_volume_in": 136, "connection_volume_out": 328, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5ee5ea-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:49.874Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "32408", "direction": "in", "connection_volume_in": 136, "connection_volume_out": 252, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c630710-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.061Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "36091", "direction": "in", "connection_volume_in": 4206, "connection_volume_out": 145, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5d9028-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "42639", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5dc28c-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "65425", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5df9aa-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "48712", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5e3352-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "34104", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5e7254-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "35792", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5eb2c8-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "58609", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5f2082-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "52197", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5f594e-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "20669", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5f945e-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "56958", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c5fd914-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "38784", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c601ec4-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "63221", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c606adc-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "7087", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c60a920-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "46981", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c60d8e6-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "54439", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6115b8-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "13916", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6145a6-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "53983", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c61744a-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "4668", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c619c18-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "39821", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c61ce18-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "33632", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6202b6-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "40843", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c623862-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "12463", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c626dfa-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "59670", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c62a658-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:24:50.108Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "26443", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c634824-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:26.999Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "21198", "direction": "in", "connection_volume_in": 63643, "connection_volume_out": 349, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6ba064-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:36.999Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "10832", "direction": "in", "connection_volume_in": 136, "connection_volume_out": 328, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6525fe-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.717Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "2235", "direction": "in", "connection_volume_in": 136, "connection_volume_out": 252, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6beb46-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.920Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "21198", "direction": "in", "connection_volume_in": 4206, "connection_volume_out": 145, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c63d42e-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "49087", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c64159c-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "39867", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c644f8a-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "14703", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c649602-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "40989", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c64df22-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "45164", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c656b04-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "5540", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c65b816-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "42587", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c660186-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "31251", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c66438a-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "27744", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c668c96-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "49077", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c66d5de-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "8855", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c671da0-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "58437", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6768f0-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "7598", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c67aca2-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "8794", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c67f61c-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "51182", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6959f8-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "31614", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c69a26e-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "65061", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c69eb8e-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "55167", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6a34cc-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "62665", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6a786a-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.952Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "32034", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c638c80-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.967Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "45883", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c683f1e-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.967Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "18258", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c68855a-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.967Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "21240", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c68cd76-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.967Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "19216", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c691114-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.967Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "13959", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6ac37e-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.967Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "13279", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6b0da2-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.967Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "39111", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } } { "event_id": "1c6b553c-12b0-11eb-a5f4-0242ac110024", "event_type": "network_connection", "time_created": "1970-01-01T00:25:37.967Z", "event_data": { "process_details": { "fnam": "System", "cmdl": "", "gpid": "p:223e09458e2733e35a33ba6465c5e0d8", "user": "", "err": "invalid process", "pchain": [], "pid": 4, "exst": true, "elev": false, "path": ".", "name": "System" }, "destination_host": { "domain_name": "240.0.0.2" }, "local_ip": "240.170.0.2", "local_port": "445", "remote_ip": "240.0.0.2", "remote_port": "56337", "direction": "in", "connection_volume_in": 4205, "connection_volume_out": 0, "protocol_number": "6", "protocol_keyword": "TCP" } }