diff --git a/source/samples/Sample_Process_Execution_Events.csv b/source/samples/Sample_Process_Execution_Events.csv
new file mode 100644
index 0000000..9b38ae6
--- /dev/null
+++ b/source/samples/Sample_Process_Execution_Events.csv
@@ -0,0 +1,4130 @@ +DateTime,timestamp,EventID,ProcessName,User,ParentProcessName,RawLog +2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329925 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x24e0 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-5-19 + LOCAL SERVICE + NT AUTHORITY + 0x3e5 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329921 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x1494 + C:\Windows\System32\lsass.exe + %%1936 + 0x27c + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + C:\Windows\System32\lsass.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329920 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x11e4 + C:\Windows\System32\conhost.exe + %%1936 + 0x17b8 + + S-1-0-0 + - + - + 0x0 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329919 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x17b8 + 
\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1936 + 0x27c + + S-1-0-0 + IEUser + MSEDGEWIN10 + 0x16e3db3 + C:\Windows\System32\lsass.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329916 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x1bc4 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329914 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x53ca2 + 0x21a4 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1937 + 0x2480 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\cmd.exe + S-1-16-12288 + +" +2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329925 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x24e0 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-5-19 + LOCAL SERVICE + NT AUTHORITY + 0x3e5 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329921 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x1494 + 
C:\Windows\System32\lsass.exe + %%1936 + 0x27c + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + C:\Windows\System32\lsass.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329920 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x11e4 + C:\Windows\System32\conhost.exe + %%1936 + 0x17b8 + + S-1-0-0 + - + - + 0x0 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329919 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x17b8 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1936 + 0x27c + + S-1-0-0 + IEUser + MSEDGEWIN10 + 0x16e3db3 + C:\Windows\System32\lsass.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329916 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x1bc4 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329914 + + + + + Security + MSEDGEWIN10 + 
+ + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x53ca2 + 0x21a4 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1937 + 0x2480 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\cmd.exe + S-1-16-12288 + +" +2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329925 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x24e0 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-5-19 + LOCAL SERVICE + NT AUTHORITY + 0x3e5 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329921 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x1494 + C:\Windows\System32\lsass.exe + %%1936 + 0x27c + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + C:\Windows\System32\lsass.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329920 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x11e4 + C:\Windows\System32\conhost.exe + %%1936 + 0x17b8 + + S-1-0-0 + - + - + 0x0 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," + + + + + 4688 + 
2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329919 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x17b8 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1936 + 0x27c + + S-1-0-0 + IEUser + MSEDGEWIN10 + 0x16e3db3 + C:\Windows\System32\lsass.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329916 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x1bc4 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329914 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x53ca2 + 0x21a4 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1937 + 0x2480 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\cmd.exe + S-1-16-12288 + +" +2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329925 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x24e0 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-5-19 + LOCAL SERVICE + NT AUTHORITY + 0x3e5 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 
329921 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x1494 + C:\Windows\System32\lsass.exe + %%1936 + 0x27c + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + C:\Windows\System32\lsass.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329920 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x11e4 + C:\Windows\System32\conhost.exe + %%1936 + 0x17b8 + + S-1-0-0 + - + - + 0x0 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329919 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x17b8 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1936 + 0x27c + + S-1-0-0 + IEUser + MSEDGEWIN10 + 0x16e3db3 + C:\Windows\System32\lsass.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329916 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x1bc4 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\services.exe + S-1-16-16384 + +" 
+2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329914 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x53ca2 + 0x21a4 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1937 + 0x2480 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\cmd.exe + S-1-16-12288 + +" +2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329925 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x24e0 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-5-19 + LOCAL SERVICE + NT AUTHORITY + 0x3e5 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329921 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x1494 + C:\Windows\System32\lsass.exe + %%1936 + 0x27c + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + C:\Windows\System32\lsass.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329920 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x11e4 + C:\Windows\System32\conhost.exe + %%1936 + 0x17b8 + + S-1-0-0 + - + - + 0x0 + 
\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329919 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x17b8 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1936 + 0x27c + + S-1-0-0 + IEUser + MSEDGEWIN10 + 0x16e3db3 + C:\Windows\System32\lsass.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329916 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x1bc4 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329914 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x53ca2 + 0x21a4 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1937 + 0x2480 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\cmd.exe + S-1-16-12288 + +" +2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329925 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x24e0 + 
C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-5-19 + LOCAL SERVICE + NT AUTHORITY + 0x3e5 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329921 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x1494 + C:\Windows\System32\lsass.exe + %%1936 + 0x27c + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + C:\Windows\System32\lsass.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329920 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x11e4 + C:\Windows\System32\conhost.exe + %%1936 + 0x17b8 + + S-1-0-0 + - + - + 0x0 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329919 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x17b8 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1936 + 0x27c + + S-1-0-0 + IEUser + MSEDGEWIN10 + 0x16e3db3 + C:\Windows\System32\lsass.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329916 + + + + + Security + 
MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x1bc4 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329914 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x53ca2 + 0x21a4 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1937 + 0x2480 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\cmd.exe + S-1-16-12288 + +" +2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329925 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x24e0 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-5-19 + LOCAL SERVICE + NT AUTHORITY + 0x3e5 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329921 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x1494 + C:\Windows\System32\lsass.exe + %%1936 + 0x27c + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + C:\Windows\System32\lsass.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329920 + + + + + Security + MSEDGEWIN10 + 
+ + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x11e4 + C:\Windows\System32\conhost.exe + %%1936 + 0x17b8 + + S-1-0-0 + - + - + 0x0 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329919 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x17b8 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1936 + 0x27c + + S-1-0-0 + IEUser + MSEDGEWIN10 + 0x16e3db3 + C:\Windows\System32\lsass.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329916 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x1bc4 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329914 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x53ca2 + 0x21a4 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1937 + 0x2480 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\cmd.exe + S-1-16-12288 + +" +2022-05-01T08:42:06.656542+04:00,1651380126.656542,4688,C:\Windows\System32\notepad.exe,WIND10$,C:\Windows\System32\wbem\WmiPrvSE.exe," + + + + + 4688 + 2 
+ 0 + 13312 + 0 + 0x8020000000000000 + + + 21374 + + + + + Security + wind10.winlab.local + + + + + S-1-5-20 + WIND10$ + WINLAB + 0x3e4 + 0x1dc + C:\Windows\System32\notepad.exe + %%1936 + 0xe8c + + S-1-0-0 + Administrator + WINLAB.LOCAL + 0x82215a + C:\Windows\System32\wbem\WmiPrvSE.exe + S-1-16-12288 + +" +2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329925 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x24e0 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-5-19 + LOCAL SERVICE + NT AUTHORITY + 0x3e5 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329921 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x1494 + C:\Windows\System32\lsass.exe + %%1936 + 0x27c + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + C:\Windows\System32\lsass.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329920 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x11e4 + C:\Windows\System32\conhost.exe + %%1936 + 0x17b8 + + S-1-0-0 + - + - + 0x0 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + S-1-16-12288 + +" 
+2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329919 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x17b8 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1936 + 0x27c + + S-1-0-0 + IEUser + MSEDGEWIN10 + 0x16e3db3 + C:\Windows\System32\lsass.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329916 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x1bc4 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329914 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x53ca2 + 0x21a4 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1937 + 0x2480 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\cmd.exe + S-1-16-12288 + +" +2022-05-01T08:42:06.656542+04:00,1651380126.656542,4688,C:\Windows\System32\notepad.exe,WIND10$,C:\Windows\System32\wbem\WmiPrvSE.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 21374 + + + + + Security + wind10.winlab.local + + + + + S-1-5-20 + WIND10$ + WINLAB + 0x3e4 + 0x1dc + C:\Windows\System32\notepad.exe + %%1936 + 0xe8c + + S-1-0-0 + Administrator + WINLAB.LOCAL + 0x82215a + 
C:\Windows\System32\wbem\WmiPrvSE.exe + S-1-16-12288 + +" +2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329925 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x24e0 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-5-19 + LOCAL SERVICE + NT AUTHORITY + 0x3e5 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329921 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x1494 + C:\Windows\System32\lsass.exe + %%1936 + 0x27c + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + C:\Windows\System32\lsass.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329920 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x11e4 + C:\Windows\System32\conhost.exe + %%1936 + 0x17b8 + + S-1-0-0 + - + - + 0x0 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329919 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x17b8 + 
\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1936 + 0x27c + + S-1-0-0 + IEUser + MSEDGEWIN10 + 0x16e3db3 + C:\Windows\System32\lsass.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329916 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x1bc4 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329914 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x53ca2 + 0x21a4 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1937 + 0x2480 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\cmd.exe + S-1-16-12288 + +" +2022-05-01T08:42:06.656542+04:00,1651380126.656542,4688,C:\Windows\System32\notepad.exe,WIND10$,C:\Windows\System32\wbem\WmiPrvSE.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 21374 + + + + + Security + wind10.winlab.local + + + + + S-1-5-20 + WIND10$ + WINLAB + 0x3e4 + 0x1dc + C:\Windows\System32\notepad.exe + %%1936 + 0xe8c + + S-1-0-0 + Administrator + WINLAB.LOCAL + 0x82215a + C:\Windows\System32\wbem\WmiPrvSE.exe + S-1-16-12288 + +" +1601-01-01T04:00:00+04:00,-11644473600.0,4688,C:\Windows\System32\conhost.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18208 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0x8dc + C:\Windows\System32\conhost.exe + %%1936 + 0x188 + + +" 
+2019-05-11T21:10:10.904945+04:00,1557594610.904945,4688,C:\Windows\System32\cmd.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18207 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0xc74 + C:\Windows\System32\cmd.exe + %%1936 + 0x4f0 + + +" +2019-05-11T21:10:10.889320+04:00,1557594610.88932,4688,C:\Windows\System32\wusa.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18205 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0x5b0 + C:\Windows\System32\wusa.exe + %%1937 + 0x4f0 + + +" +2019-05-11T21:10:10.826820+04:00,1557594610.82682,4688,C:\Windows\System32\dllhost.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18204 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0x27c + C:\Windows\System32\dllhost.exe + %%1936 + 0x258 + + +" +2019-05-11T21:10:10.795570+04:00,1557594610.79557,4688,C:\Windows\System32\dllhost.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18201 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0xec8 + C:\Windows\System32\dllhost.exe + %%1936 + 0x258 + + +" +2019-05-11T21:10:10.654945+04:00,1557594610.654945,4688,C:\Windows\System32\consent.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18198 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0x7f0 + C:\Windows\System32\consent.exe + %%1936 + 0x3c8 + + +" +2019-05-11T21:10:10.623695+04:00,1557594610.623695,4688,C:\Windows\System32\wusa.exe,IEUser,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18197 + + + + + Security + IEWIN7 + + + + + S-1-5-21-3583694148-1414552638-2922671848-1000 + IEUser + IEWIN7 + 0x13765 + 0x628 + C:\Windows\System32\wusa.exe + %%1938 + 0x4f0 + + +" +2019-05-11T21:10:10.608070+04:00,1557594610.60807,4688,C:\Python27\python.exe,IEUser,None," + + 
+ + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18196 + + + + + Security + IEWIN7 + + + + + S-1-5-21-3583694148-1414552638-2922671848-1000 + IEUser + IEWIN7 + 0x13765 + 0x4f0 + C:\Python27\python.exe + %%1938 + 0x12c + + +" +2019-03-18T15:06:46.345209+04:00,1552907206.345209,4688,C:\Windows\System32\dllhost.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 433078 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0xf6c + C:\Windows\System32\dllhost.exe + %%1936 + 0x278 + + +" +2019-03-18T15:06:42.139161+04:00,1552907202.139161,4688,C:\Windows\System32\conhost.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 432906 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x370 + C:\Windows\System32\conhost.exe + %%1936 + 0x764 + + +" +2019-03-18T15:06:42.139161+04:00,1552907202.139161,4688,C:\Windows\System32\cmd.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 432905 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x440 + C:\Windows\System32\cmd.exe + %%1936 + 0x448 + + +" +2019-03-19T02:16:09.458302+04:00,1552947369.458302,4688,C:\Windows\System32\calc.exe,WIN-77LTAPHIQ1R$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 563299 + + + + + Security + WIN-77LTAPHIQ1R.example.corp + + + + + S-1-5-20 + WIN-77LTAPHIQ1R$ + EXAMPLE + 0x3e4 + 0x424 + C:\Windows\System32\calc.exe + %%1936 + 0xae8 + + +" +2019-03-19T02:15:49.692401+04:00,1552947349.692401,4688,C:\Windows\System32\wbem\WmiPrvSE.exe,WIN-77LTAPHIQ1R$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 563298 + + + + + Security + WIN-77LTAPHIQ1R.example.corp + + + + + S-1-5-18 + WIN-77LTAPHIQ1R$ + EXAMPLE + 0x3e7 + 0xae8 + C:\Windows\System32\wbem\WmiPrvSE.exe + %%1936 + 0x248 + + +" 
+2019-03-19T04:02:07.445773+04:00,1552953727.445773,4688,C:\Windows\System32\wbem\WmiPrvSE.exe,WIN-77LTAPHIQ1R$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 566844 + + + + + Security + WIN-77LTAPHIQ1R.example.corp + + + + + S-1-5-18 + WIN-77LTAPHIQ1R$ + EXAMPLE + 0x3e7 + 0x3b4 + C:\Windows\System32\wbem\WmiPrvSE.exe + %%1936 + 0x248 + + +" +2019-03-19T04:02:04.367441+04:00,1552953724.367441,4688,C:\Windows\System32\tasklist.exe,WIN-77LTAPHIQ1R$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 566839 + + + + + Security + WIN-77LTAPHIQ1R.example.corp + + + + + S-1-5-18 + WIN-77LTAPHIQ1R$ + EXAMPLE + 0x3e7 + 0x970 + C:\Windows\System32\tasklist.exe + %%1936 + 0xbcc + + +" +2019-03-19T04:02:04.351252+04:00,1552953724.351252,4688,C:\Windows\System32\conhost.exe,WIN-77LTAPHIQ1R$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 566838 + + + + + Security + WIN-77LTAPHIQ1R.example.corp + + + + + S-1-5-18 + WIN-77LTAPHIQ1R$ + EXAMPLE + 0x3e7 + 0xebc + C:\Windows\System32\conhost.exe + %%1936 + 0xbcc + + +" +2019-03-19T04:02:04.335561+04:00,1552953724.335561,4688,C:\Windows\System32\cmd.exe,WIN-77LTAPHIQ1R$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 566837 + + + + + Security + WIN-77LTAPHIQ1R.example.corp + + + + + S-1-5-18 + WIN-77LTAPHIQ1R$ + EXAMPLE + 0x3e7 + 0xbcc + C:\Windows\System32\cmd.exe + %%1936 + 0x33c + + +" +1601-01-01T04:00:00+04:00,-11644473600.0,4688,C:\Windows\System32\conhost.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18208 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0x8dc + C:\Windows\System32\conhost.exe + %%1936 + 0x188 + + +" +2019-05-11T21:10:10.904945+04:00,1557594610.904945,4688,C:\Windows\System32\cmd.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18207 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0xc74 + 
C:\Windows\System32\cmd.exe + %%1936 + 0x4f0 + + +" +2019-05-11T21:10:10.889320+04:00,1557594610.88932,4688,C:\Windows\System32\wusa.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18205 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0x5b0 + C:\Windows\System32\wusa.exe + %%1937 + 0x4f0 + + +" +2019-05-11T21:10:10.826820+04:00,1557594610.82682,4688,C:\Windows\System32\dllhost.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18204 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0x27c + C:\Windows\System32\dllhost.exe + %%1936 + 0x258 + + +" +2019-05-11T21:10:10.795570+04:00,1557594610.79557,4688,C:\Windows\System32\dllhost.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18201 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0xec8 + C:\Windows\System32\dllhost.exe + %%1936 + 0x258 + + +" +2019-05-11T21:10:10.654945+04:00,1557594610.654945,4688,C:\Windows\System32\consent.exe,IEWIN7$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18198 + + + + + Security + IEWIN7 + + + + + S-1-5-18 + IEWIN7$ + WORKGROUP + 0x3e7 + 0x7f0 + C:\Windows\System32\consent.exe + %%1936 + 0x3c8 + + +" +2019-05-11T21:10:10.623695+04:00,1557594610.623695,4688,C:\Windows\System32\wusa.exe,IEUser,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18197 + + + + + Security + IEWIN7 + + + + + S-1-5-21-3583694148-1414552638-2922671848-1000 + IEUser + IEWIN7 + 0x13765 + 0x628 + C:\Windows\System32\wusa.exe + %%1938 + 0x4f0 + + +" +2019-05-11T21:10:10.608070+04:00,1557594610.60807,4688,C:\Python27\python.exe,IEUser,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 18196 + + + + + Security + IEWIN7 + + + + + S-1-5-21-3583694148-1414552638-2922671848-1000 + IEUser + IEWIN7 + 0x13765 + 0x4f0 + C:\Python27\python.exe + %%1938 + 0x12c + + +" 
+2019-03-18T15:27:05.455663+04:00,1552908425.455663,4688,C:\Windows\System32\wbem\WMIC.exe,user01,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 433308 + + + + + Security + PC01.example.corp + + + + + S-1-5-21-1587066498-1489273250-1035260531-1106 + user01 + EXAMPLE + 0x18a7875 + 0x44c + C:\Windows\System32\wbem\WMIC.exe + %%1936 + 0x86c + + +" +2019-02-13T22:05:06.665634+04:00,1550081106.665634,4688,C:\Windows\System32\AtBroker.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227784 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x7f0 + C:\Windows\System32\AtBroker.exe + %%1936 + 0xdec + + +" +2019-02-13T22:05:06.585519+04:00,1550081106.585519,4688,C:\Windows\System32\rdpclip.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227783 + + + + + Security + PC01.example.corp + + + + + S-1-5-20 + PC01$ + EXAMPLE + 0x3e4 + 0xa1c + C:\Windows\System32\rdpclip.exe + %%1936 + 0x500 + + +" +2019-02-13T22:05:05.453892+04:00,1550081105.453892,4688,C:\Windows\System32\TSTheme.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227776 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x9fc + C:\Windows\System32\TSTheme.exe + %%1936 + 0x278 + + +" +2019-02-13T22:05:05.253604+04:00,1550081105.253604,4688,C:\Windows\System32\LogonUI.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227775 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0xce0 + C:\Windows\System32\LogonUI.exe + %%1936 + 0x768 + + +" +2019-02-13T22:05:05.123416+04:00,1550081105.123416,4688,C:\Windows\System32\winlogon.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227774 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x768 + C:\Windows\System32\winlogon.exe + %%1936 + 0x62c + + +" 
+2019-02-13T22:05:04.873056+04:00,1550081104.873056,4688,C:\Windows\System32\csrss.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227773 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0xadc + C:\Windows\System32\csrss.exe + %%1936 + 0x62c + + +" +2019-02-13T22:05:04.802956+04:00,1550081104.802956,4688,C:\Windows\System32\smss.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227772 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x62c + C:\Windows\System32\smss.exe + %%1936 + 0x124 + + +" +2019-02-13T22:05:01.037541+04:00,1550081101.037541,4688,C:\Windows\System32\rundll32.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227769 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x410 + C:\Windows\System32\rundll32.exe + %%1936 + 0x278 + + +" +2019-02-13T22:04:57.862976+04:00,1550081097.862976,4688,C:\Windows\System32\LogonUI.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227751 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0xc70 + C:\Windows\System32\LogonUI.exe + %%1936 + 0x4b8 + + +" +2019-02-13T22:04:57.672703+04:00,1550081097.672703,4688,C:\Windows\System32\winlogon.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227750 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x4b8 + C:\Windows\System32\winlogon.exe + %%1936 + 0x38c + + +" +2019-02-13T22:04:57.542516+04:00,1550081097.542516,4688,C:\Windows\System32\csrss.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227749 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x9d4 + C:\Windows\System32\csrss.exe + %%1936 + 0x38c + + +" 
+2019-02-13T22:04:57.462400+04:00,1550081097.4624,4688,C:\Windows\System32\smss.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227748 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x38c + C:\Windows\System32\smss.exe + %%1936 + 0x124 + + +" +2019-02-13T22:04:01.632120+04:00,1550081041.63212,4688,C:\Windows\System32\UI0Detect.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227726 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x934 + C:\Windows\System32\UI0Detect.exe + %%1936 + 0x990 + + +" +2019-02-13T22:03:35.734882+04:00,1550081015.734882,4688,C:\Windows\System32\slui.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227721 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0xa38 + C:\Windows\System32\slui.exe + %%1936 + 0x278 + + +" +2019-02-13T22:03:28.338519+04:00,1550081008.338519,4688,C:\Users\user01\Desktop\plink.exe,user01,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227714 + + + + + Security + PC01.example.corp + + + + + S-1-5-21-1587066498-1489273250-1035260531-1106 + user01 + EXAMPLE + 0x2ed80 + 0xcfc + C:\Users\user01\Desktop\plink.exe + %%1936 + 0xe60 + + +" +2019-02-13T22:02:19.518362+04:00,1550080939.518362,4688,C:\Windows\System32\AtBroker.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227712 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x250 + C:\Windows\System32\AtBroker.exe + %%1936 + 0x1d0 + + +" +2019-02-13T22:01:47.602470+04:00,1550080907.60247,4688,C:\Windows\System32\TSTheme.exe,PC01$,None," + + + + + 4688 + 1 + 0 + 13312 + 0 + 0x8020000000000000 + + + 227695 + + + + + Security + PC01.example.corp + + + + + S-1-5-18 + PC01$ + EXAMPLE + 0x3e7 + 0x1fc + C:\Windows\System32\TSTheme.exe + %%1936 + 0x278 + + +" 
+2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329925 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x24e0 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-5-19 + LOCAL SERVICE + NT AUTHORITY + 0x3e5 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329921 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x1494 + C:\Windows\System32\lsass.exe + %%1936 + 0x27c + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + C:\Windows\System32\lsass.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329920 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x16e3db3 + 0x11e4 + C:\Windows\System32\conhost.exe + %%1936 + 0x17b8 + + S-1-0-0 + - + - + 0x0 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329919 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x17b8 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1936 + 0x27c + + S-1-0-0 + IEUser + 
MSEDGEWIN10 + 0x16e3db3 + C:\Windows\System32\lsass.exe + S-1-16-12288 + +" +2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329916 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-18 + MSEDGEWIN10$ + WORKGROUP + 0x3e7 + 0x1bc4 + C:\Windows\System32\svchost.exe + %%1936 + 0x274 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\services.exe + S-1-16-16384 + +" +2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 329914 + + + + + Security + MSEDGEWIN10 + + + + + S-1-5-21-3461203602-4096304019-2269080069-1000 + IEUser + MSEDGEWIN10 + 0x53ca2 + 0x21a4 + \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe + %%1937 + 0x2480 + + S-1-0-0 + - + - + 0x0 + C:\Windows\System32\cmd.exe + S-1-16-12288 + +" +2022-05-01T08:42:06.656542+04:00,1651380126.656542,4688,C:\Windows\System32\notepad.exe,WIND10$,C:\Windows\System32\wbem\WmiPrvSE.exe," + + + + + 4688 + 2 + 0 + 13312 + 0 + 0x8020000000000000 + + + 21374 + + + + + Security + wind10.winlab.local + + + + + S-1-5-20 + WIND10$ + WINLAB + 0x3e4 + 0x1dc + C:\Windows\System32\notepad.exe + %%1936 + 0xe8c + + S-1-0-0 + Administrator + WINLAB.LOCAL + 0x82215a + C:\Windows\System32\wbem\WmiPrvSE.exe + S-1-16-12288 + +"